VYPR

T6 Firmware

by Totolink

CVEs (8)

  • CVE-2025-6916HigJun 30, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be…

  • CVE-2025-7862HigJul 20, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the…

  • CVE-2025-7952MedJul 22, 2025
    risk 0.42cvss 6.3epss 0.15

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely.…

  • CVE-2025-7615MedJul 14, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.…

  • CVE-2025-7614MedJul 14, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to…

  • CVE-2025-7613MedJul 14, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.…

  • CVE-2025-7525MedJul 13, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads…

  • CVE-2025-7524MedJul 13, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command…