PT-2025-29473 · Totolink · Totolink T6

Elvisblue

Publicado

2025-07-13

Atualizado

2025-07-17

CVE-2025-7613

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748

Description: A critical issue exists in TOTOLINK T6 version 4.1.5cu.748. The vulnerability is located within the CloudSrvVersionCheck function of the /cgi-bin/cstecgi.cgi file, part of the HTTP POST Request Handler component. Manipulation of the ip argument allows for command injection. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: TOTOLINK T6 version 4.1.5cu.748: As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

BDU:2025-10028

CVE-2025-7613

Produtos afetados

Totolink T6

PT-2025-29473 · Totolink · Totolink T6

CVE-2025-7613

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13