CVE-2025-7460

EUVD-2025-21189 | HIGH
Published: 2025-07-11
CVSS 3.1 base score: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 08:18 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 08:18 (euvd) - EUVD-2025-21189
PoC Detected: Jul 16, 2025 - 14:58 (vuln.today) - public exploit code
CVE Published: Jul 11, 2025 - 22:15 (nvd) - HIGH 8.8

Description

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.

Technical Context

The vulnerability exists in the HTTP POST request handler component (/cgi-bin/cstecgi.cgi) of TOTOLINK T6 firmware. The setWiFiAclRules function fails to validate the length of the 'mac' argument before copying it into a fixed-size buffer, resulting in a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common firmware vulnerability pattern in embedded networking devices whose CGI handlers lack input sanitization. The affected product is a wireless router using a proprietary firmware stack. The vulnerability is triggered through a direct HTTP POST request to the CGI endpoint, making it trivially exploitable once an attacker has authenticated (likely through default credentials, credential compromise, or local network access).

Affected Products

TOTOLINK T6 firmware version 4.1.5cu.748_B20211015 (and likely earlier versions with identical code). CPE representation: cpe:2.3:o:totolink:t6_firmware:4.1.5cu.748_b20211015:*:*:*:*:*:*:* or cpe:2.3:h:totolink:t6:-:* (hardware). The T6 is a wireless router; all deployments of this specific firmware version are vulnerable. No patch version is referenced in available data, suggesting either no vendor patch has been released or users must upgrade to a newer firmware branch entirely.

Remediation

Immediate remediation steps:

1. If a vendor patch is available: check the TOTOLINK support site for T6 firmware updates newer than 4.1.5cu.748_B20211015 and apply immediately.
2. If no patch is available: implement network segmentation and restrict HTTP/HTTPS access to the router's admin interface to trusted IPs only; change default admin credentials to strong, unique passwords; disable remote administration features if enabled.
3. Monitoring: log and alert on POST requests to /cgi-bin/cstecgi.cgi carrying 'setWiFiAclRules' parameters from unexpected sources.
4. Contingency: consider replacing TOTOLINK T6 devices with alternatives from vendors with active security support if firmware updates are unavailable.

Reference the vendor advisory at the TOTOLINK security portal (if one exists); otherwise escalate to the vendor for a patch timeline.
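Monitoring step (3) as runnable detection logic, added here and not part of the vuln.today record or of TOTOLINK's software: it scans a constructed proxy-style log of admin-interface requests and flags setWiFiAclRules POSTs to /cgi-bin/cstecgi.cgi that come from outside the management subnet or carry a 'mac' argument longer than a textual MAC address. The log line format, the 'action' parameter name and the 192.168.1.0/24 management subnet are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"
MAC_MAX_LEN = 17  # "aa:bb:cc:dd:ee:ff" is the longest legitimate textual MAC
# Assumed management subnet from which admin access is expected.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample log: "<client> <method> <path> <form-encoded body>".
# The "action" parameter name is an assumption, not the router's real encoding.
SAMPLE_LOG = "\n".join([
    "192.168.1.10 POST /cgi-bin/cstecgi.cgi action=setWiFiAclRules&mac=aa:bb:cc:dd:ee:ff",
    "203.0.113.7 POST /cgi-bin/cstecgi.cgi action=setWiFiAclRules&mac=aa:bb:cc:dd:ee:ff",
    "192.168.1.10 POST /cgi-bin/cstecgi.cgi action=setWiFiAclRules&mac=" + "A" * 40,
    "192.168.1.10 GET /cgi-bin/cstecgi.cgi action=getStatus",
])


def analyze_line(line, trusted_nets=TRUSTED_NETS):
    """Return the reasons a log line should raise an alert (empty if benign)."""
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return []
    src, method, path, body = parts
    # Only setWiFiAclRules POSTs to the CGI handler are in scope.
    if method != "POST" or path != CGI_PATH or "setWiFiAclRules" not in body:
        return []
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    reasons = []
    ip = ipaddress.ip_address(src)
    if not any(ip in net for net in trusted_nets):
        reasons.append(f"untrusted source {src}")
    mac = params.get("mac", "")
    if len(mac) > MAC_MAX_LEN:
        reasons.append(f"oversized mac argument ({len(mac)} bytes)")
    return reasons


def scan_log(text, trusted_nets=TRUSTED_NETS):
    """Return (line_number, reasons) for every line that should be alerted on."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        reasons = analyze_line(line, trusted_nets)
        if reasons:
            findings.append((number, reasons))
    return findings


if __name__ == "__main__":
    for number, reasons in scan_log(SAMPLE_LOG):
        print(f"line {number}: ALERT - {'; '.join(reasons)}")
```

Against the sample log this alerts on line 2 (untrusted source) and line 3 (oversized mac argument) and stays silent on the legitimate ACL update and the GET request.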

Priority Score

64 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20


CVE-2025-7460 vulnerability details – vuln.today
