CVE-2025-5903Improper Restriction of Operations within the Bounds of a Memory Buffer in T10

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow4 documents4 sources
Severity
7.4HIGHNVD
EPSS
1.4%
top 19.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink T10Totolink T10 Firmware
Timeline
PublishedJun 10

Description

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/t104.1.8cu.5207
NVDtotolink/t10_firmware4.1.8cu.5207

🔴Vulnerability Details

2
GHSA
GHSA-pwwc-x5p3-pqjj: A vulnerability was found in TOTOLINK T10 42025-06-10
CVEList
TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow2025-06-09

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Totolink setWiFiAclRules desc Parameter Buffer Overflow Attempt (CVE-2025-5903)2025-06-10
CVE-2025-5903 — Totolink T10 vulnerability | cvebase