CVE Details
Basic Information
| Title | TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-09T23:31:07.307Z |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | T10 |
| Version | 4.1.8cu.5207 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical vulnerability in TOTOLINK T10 4.1.8cu.5207 allows remote attackers to execute arbitrary code via a buffer overflow in the setWiFiAclRules function of the POST request handler. The vulnerability is due to improper handling of the ‘desc’ argument in the /cgi-bin/cstecgi.cgi script. The exploit has been publicly disclosed and may be actively used. |
|---|---|
| AI Severity | High |
| Vendor | TOTOLINK |
| Product | T10 |
| Affected Version | 4.1.8cu.5207 |
Affected Products
- TOTOLINK T10 4.1.8cu.5207
Additional Information
| CWE List | CWE-120, CWE-119 |
|---|---|
Description
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.