TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection_CVE-2025-7952

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-7952

Source VulDB

Published Jul 22, 2025 at 03:02

Modified Jul 22, 2025 at 18:20

Affected Product

Vendor TOTOLINK

Product T6

Version 4.1.5cu.748

Affected Versions TOTOLINK T6 4.1.5cu.748

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-22T03:02:06.302Z",
    "modified": "2025-07-22T18:20:24.625Z",
    "type": "cve",
    "title": "TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317098\nhttps://vuldb.com/?ctiid.317098\nhttps://vuldb.com/?submit.619319\nhttps://github.com/ElvisBlue/Public/blob/main/Vuln/7.md\nhttps://github.com/ElvisBlue/Public/blob/main/Vuln/7.md#poc\nhttps://www.totolink.net/",
    "id": "CVE-2025-7952",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK T6 4.1.5cu.748",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "T6",
    "version": "4.1.5cu.748",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}