TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow

July 19, 2025 invoker category_cve

CVE Details

Basic Information

Title	TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow
Type	cve
Published	2025-07-19T17:02:08.694Z
Modified	2025-07-19T17:02:08.694Z

Product Information

Vendor	TOTOLINK
Product	T6
Version	4.1.5cu.748_B20211015

CVSS Information

Base Score	8.7 (HIGH)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected Products

TOTOLINK T6 4.1.5cu.748_B20211015

Additional Information

CWE List	CWE-120, CWE-119
Source	VulDB

Description

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?id.316940
https://vuldb.com/?ctiid.316940
https://vuldb.com/?submit.617572
https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md
https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md#poc
https://www.totolink.net/

View Full CVE Details