High severity8.8NVD Advisory· Published Jun 16, 2025· Updated Jun 17, 2026
CVE-2025-6138
CVE-2025-6138
Description
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Affected products
2Patches
Vulnerability mechanics
References
6- candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153nvdExploitThird Party Advisory
- candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153nvdExploitThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
- www.totolink.netnvdProduct
News mentions
0No linked articles in our index yet.