CVE Details
Basic Information
| Title | TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection |
|---|---|
| Type | cve |
| Published | 2025-07-14T15:14:06.624Z |
| Modified | 2025-07-14T15:35:45.427Z |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | T6 |
| Version | 4.1.5cu.748 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical vulnerability exists in the TOTOLINK T6 router version 4.1.5cu.748. It allows remote attackers to inject commands via the clearPairCfg function in the cstecgi.cgi file when handling HTTP POST requests. This could lead to unauthorized access and system compromise. |
|---|---|
| AI Severity | Medium |
| AI Vendor | TOTOLINK |
| AI Product | TOTOLINK T6 |
| AI Version | 4.1.5cu.748 |
Affected Products
- TOTOLINK T6 4.1.5cu.748
Additional Information
| CWE List | CWE-77, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. It affects the function clearPairCfg in the file /cgi-bin/cstecgi.cgi, part of the HTTP POST Request Handler component. Manipulating the argument ip leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.