PT-2025-52506 · Totolink · Totolink T10
Jackwesley · Published 2025-12-19 · Updated 2025-12-20 · CVE-2025-14964
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TOTOLINK T10 version 4.1.8cu.5083 B20200521
Description
A flaw exists in TOTOLINK T10 firmware that allows for a remote stack-based buffer overflow. The issue is in a sprintf call in the /cgi-bin/cstecgi.cgi file. Manipulation of the loginAuthUrl argument can trigger the overflow. The attack can be performed remotely.
Recommendations
Update to a newer version of TOTOLINK T10 firmware that addresses this vulnerability.
Exploit
Fix
Stack Overflow
Buffer Overflow
Related Identifiers
Affected Products
Totolink T10