CVE-2025-7460

Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 B20211015

Description: A critical vulnerability has been identified in TOTOLINK T6. The issue resides in the setWiFiAclRules function within the /cgi-bin/cstecgi.cgi file of the HTTP POST Request Handler component. Manipulation of the mac argument leads to a buffer overflow, and the attack can be launched remotely. The exploit for this issue has been publicly disclosed.

Recommendations: TOTOLINK T6 version 4.1.5cu.748 B20211015: At the moment, there is no information about a newer version that contains a fix for this vulnerability.