TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow_CVE-2025-8170

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8170

Source VulDB

Published Jul 25, 2025 at 21:02

Modified Jul 28, 2025 at 14:53

Affected Product

Vendor TOTOLINK

Product T6

Version 4.1.5cu.748_B20211015

Affected Versions TOTOLINK T6 4.1.5cu.748_B20211015

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-25T21:02:07.203Z",
    "modified": "2025-07-28T14:53:25.227Z",
    "type": "cve",
    "title": "TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317584\nhttps://vuldb.com/?ctiid.317584\nhttps://vuldb.com/?submit.620834\nhttps://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/9.md\nhttps://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/9.md#poc\nhttps://www.totolink.net/",
    "id": "CVE-2025-8170",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK T6 4.1.5cu.748_B20211015",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "T6",
    "version": "4.1.5cu.748_B20211015",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}