CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
CVE-2025-7460 is a critical buffer overflow in the setWiFiAclRules function of TOTOLINK T6 routers running firmware 4.1.5cu.748_B20211015. An attacker who holds valid credentials can reach the flaw remotely by sending an HTTP POST request to /cgi-bin/cstecgi.cgi whose mac argument is longer than the handler expects; the overflow corrupts memory and, given the CVSS rating of high confidentiality, integrity and availability impact, is likely to permit code execution on the device. A public proof of concept exists, so deployed TOTOLINK T6 devices are at immediate risk. Exploitation requires valid credentials (PR:L) but no user interaction (UI:N).
Technical Context (AI)
The vulnerability sits in the HTTP POST request handler of TOTOLINK T6 firmware, the CGI binary /cgi-bin/cstecgi.cgi. The setWiFiAclRules function does not check the length of the mac argument before copying it into a fixed-size buffer, so an oversized value overruns the buffer (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer); the advisory does not state whether the destination buffer lives on the stack or the heap. This is a recurring pattern in embedded networking devices, where CGI handlers pass request parameters straight into C string routines without sanitising them. The affected product is a consumer wireless router running a proprietary firmware stack. Because the flaw is reached by a single HTTP POST to the CGI endpoint, it is trivial to trigger once an attacker has authenticated access, which is commonly obtained through default or reused credentials or from a foothold on the local network.
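As an added example (not TOTOLINK firmware and not part of the original page), the following C program models the defect class described above: one handler copies the attacker-controlled mac value into a fixed 18-byte buffer with no length check, the other validates the value's length and format before it touches the buffer. The form-encoded request body, the 18-byte buffer size, the parameter parser and the function names are assumptions for illustration; the page does not describe the real cstecgi.cgi request format or the actual buffer size.

```c
/* Added example, not TOTOLINK code: a minimal model of a CGI handler that
 * reads the "mac" argument of a setWiFiAclRules request, first in the
 * vulnerable shape the advisory describes (unbounded copy into a fixed
 * buffer) and then in a hardened shape that validates before copying.
 * The form-encoded body, buffer size and names are assumptions. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_TEXT_LEN 17                 /* "00:11:22:33:44:55" */
#define MAC_BUF_SIZE (MAC_TEXT_LEN + 1) /* assumed size of the fixed buffer */

/* Locate "key=" in a form-encoded body and return a pointer and length for
 * its value (up to the next '&' or the end of the body). Returns 0 if absent. */
static int get_param(const char *body, const char *key,
                     const char **val, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while ((p = strstr(p, key)) != NULL) {
        /* match only at the start of the body or right after '&', then '=' */
        if ((p == body || p[-1] == '&') && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *val = v;
            *len = end ? (size_t)(end - v) : strlen(v);
            return 1;
        }
        p += klen;
    }
    return 0;
}

/* Vulnerable shape: trusts the attacker-controlled length of "mac" and copies
 * it into a fixed stack buffer. Any value longer than 17 bytes overruns mac[].
 * Only call this with a well-formed request; it is here to show the bug. */
int set_wifi_acl_rules_vulnerable(const char *body)
{
    const char *val;
    size_t len;
    char mac[MAC_BUF_SIZE];
    if (!get_param(body, "mac", &val, &len))
        return -1;
    memcpy(mac, val, len);   /* no bound check: the CWE-119 defect */
    mac[len] = '\0';
    return 0;
}

/* Strict check: exactly 17 chars of the form XX:XX:XX:XX:XX:XX, hex digits only. */
int is_valid_mac(const char *s, size_t n)
{
    if (n != MAC_TEXT_LEN)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Hardened shape: reject anything that is not a syntactically valid MAC
 * before touching the fixed buffer, then copy with an explicit bound. */
int set_wifi_acl_rules_hardened(const char *body, char out[MAC_BUF_SIZE])
{
    const char *val;
    size_t len;
    if (!get_param(body, "mac", &val, &len))
        return -1;
    if (!is_valid_mac(val, len))
        return -1;               /* oversized or malformed: request refused */
    memcpy(out, val, len);
    out[len] = '\0';
    return 0;
}

/* Convenience wrapper: the validated MAC from a static buffer, or NULL. */
const char *hardened_mac(const char *body)
{
    static char mac[MAC_BUF_SIZE];
    return set_wifi_acl_rules_hardened(body, mac) == 0 ? mac : NULL;
}

/* Constructed sample bodies: a benign rule and one carrying an oversized mac. */
const char *const BENIGN_BODY = "ssid=home&mac=00:11:22:33:44:55&enable=1";
const char *const OVERLONG_BODY =
    "ssid=home&mac=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&enable=1";

int main(void)
{
    char mac[MAC_BUF_SIZE];
    printf("benign, hardened:   %d\n", set_wifi_acl_rules_hardened(BENIGN_BODY, mac));
    printf("overlong, hardened: %d\n", set_wifi_acl_rules_hardened(OVERLONG_BODY, mac));
    /* set_wifi_acl_rules_vulnerable(OVERLONG_BODY) would overrun the stack buffer. */
    return 0;
}
```

The vulnerable handler is only ever invoked with the benign body; the overlong body is shown being refused by the hardened handler before any copy happens. Checking the format as well as the length matters: a value of the right length that is not a MAC address would otherwise still reach the ACL code, and a length-only check leaves the bug in place if the buffer is ever shrunk.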
Remediation (AI)
Immediate remediation steps:
(1) If a vendor patch is available: check the TOTOLINK support site for T6 firmware newer than 4.1.5cu.748_B20211015 and apply it immediately.
(2) If no patch is available: restrict access to the router's HTTP/HTTPS admin interface to trusted source addresses only; replace the default admin credentials with a strong, unique password, since the flaw requires authentication; disable remote (WAN-side) administration if it is enabled.
(3) Monitoring: log and alert on POST requests to /cgi-bin/cstecgi.cgi that invoke setWiFiAclRules from unexpected sources, and on any such request whose mac value is not a 17-character MAC address.
(4) Contingency: if no firmware update is forthcoming, consider replacing TOTOLINK T6 devices with hardware from a vendor that provides active security support.
Consult the TOTOLINK security portal for a vendor advisory if one has been published; otherwise contact the vendor for a patch timeline.
External POC / Exploit Code
EUVD-2025-21189