Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.
Technical ContextAI
The vulnerability exists in the HTTP POST request handler component (/cgi-bin/cstecgi.cgi) of TOTOLINK T6 firmware. The setWiFiAclRules function fails to properly validate the length of the 'mac' argument before copying it into a fixed-size buffer, resulting in a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common firmware vulnerability pattern in embedded networking devices where CGI scripts lack input sanitization. The affected product is a wireless router using a proprietary firmware stack. The vulnerability is triggered through a direct HTTP POST request to the CGI endpoint, making it trivially exploitable once an attacker gains initial authentication access (likely through default credentials, credential compromise, or local network access).
RemediationAI
Immediate remediation steps: (1) If vendor patch available: Check TOTOLINK support site for T6 firmware updates newer than 4.1.5cu.748_B20211015 and apply immediately. (2) If no patch: Implement network segmentation—restrict HTTP/HTTPS access to the router's admin interface to trusted IPs only; change default admin credentials to strong, unique passwords; disable remote administration features if enabled. (3) Monitoring: Log and alert on POST requests to /cgi-bin/cstecgi.cgi with 'setWiFiAclRules' parameters from unexpected sources. (4) Contingency: Consider replacing TOTOLINK T6 devices with alternatives from vendors with active security support if firmware updates are unavailable. Reference vendor advisory at TOTOLINK security portal (if exists); otherwise escalate to vendor for patch timeline.
More in T6 Firmware
View allA vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. Rated critical severity (CVSS 9.8), this vulnerability
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi. Rated critical severity (CVSS 9.8
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. Rated critical severity (CVSS 9.8),
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. Rated critical severity (CV
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. Rated critical sev
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. Rat
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the functio
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FU
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime paramete
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the functio
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21189