Totolink T10 vulnerabilities

CVE-2025-14964 [CRITICAL] CWE-119 CVE-2025-14964: A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function spr A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.

CVE-2025-9533 [MEDIUM] CWE-287 CVE-2025-9533: A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown functi A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6137 [HIGH] CWE-119 CVE-2025-6137: A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the pub

CVE-2025-6138 [HIGH] CWE-119 CVE-2025-6138: A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vuln A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to th

CVE-2025-6139 [LOW] CWE-255 CVE-2025-6139: A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. A A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitatio

CVE-2025-5904 [HIGH] CWE-119 CVE-2025-5904: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected b A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been d

CVE-2025-5903 [HIGH] CWE-119 CVE-2025-5903: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the pu

CVE-2025-5905 [HIGH] CWE-119 CVE-2025-5905: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by t A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to

CVE-2025-5901 [HIGH] CWE-119 CVE-2025-5901: A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnera A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to

CVE-2025-5902 [HIGH] CWE-119 CVE-2025-5902: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affect A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public a

CVE-2025-4496 [HIGH] CWE-119 CVE-2025-4496: A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5 A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The ex

CVE-2024-9001 [MEDIUM] CWE-78 CVE-2024-9001: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulne A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. T