{"id":6943,"date":"2025-06-16T16:25:15","date_gmt":"2025-06-16T16:25:15","guid":{"rendered":"http:\/\/localhost\/?p=6943"},"modified":"2025-06-16T16:25:15","modified_gmt":"2025-06-16T16:25:15","slug":"totolink-t10-http-post-request-cstecgicgi-setwizardcfg-buffer-overflow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6943","title":{"rendered":"TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-16T20:31:09.003Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nT10<\/td>\n<\/tr>\n
Version<\/th>\n4.1.8cu.5207<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n8.7 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical buffer overflow vulnerability in TOTOLINK T10’s HTTP POST handler allows remote attackers to exploit the setWizardCfg function, potentially leading to system compromise. The exploit is publicly available, increasing the risk of attack.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nTOTOLINK T10<\/td>\n<\/tr>\n
Affected Version<\/th>\n4.1.8cu.5207<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n