CVE Details

Basic Information
| Title | TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection |
|---|---|
| Type | cve |
| Published | 2025-07-22T03:02:06.302Z |
| Modified | 2025-07-22T03:02:06.302Z |

Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | T6 |
| Version | 4.1.5cu.748 |

CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |

AI Analysis
| AI Description | A critical command injection vulnerability was found in the TOTOLINK T6 router’s MQTT packet handler, allowing remote attackers to execute arbitrary commands via the ckeckKeepAlive function in wireless.so. |
|---|---|
| AI Severity | High |
| AI Vendor | TOTOLINK |
| AI Product | TOTOLINK T6 |
| AI Version | 4.1.5cu.748 |

Affected Products
- TOTOLINK T6 4.1.5cu.748

Additional Information
| CWE List | CWE-77, CWE-74 |
|---|---|
| Source | VulDB |

Description
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.