CVE-2025-6137

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK T10 version 4.1.8cu.5207

Description A critical vulnerability has been found in the setWiFiScheduleCfg function of the file /cgi-bin/cstecgi.cgi, which is part of the HTTP POST Request Handler component. The manipulation of the

desc

argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For TOTOLINK T10 version 4.1.8cu.5207, as a temporary workaround, consider disabling the

setWiFiScheduleCfg

function until a patch is available. Restrict access to the

/cgi-bin/cstecgi.cgi

file to minimize the risk of exploitation. Avoid using the

desc

argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-07400

CVE-2025-6137

Affected Products

Totolink T10

CVE-2025-6137

Weakness Enumeration

Related Identifiers

Affected Products

References · 13