{"id":8169,"date":"2025-07-14T10:55:24","date_gmt":"2025-07-14T10:55:24","guid":{"rendered":"http:\/\/localhost\/?p=8169"},"modified":"2025-07-14T10:55:24","modified_gmt":"2025-07-14T10:55:24","slug":"totolink-t6-http-post-request-cstecgicgi-clearpaircfg-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8169","title":{"rendered":"TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-14T15:14:06.624Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-14T15:35:45.427Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nT6<\/td>\n<\/tr>\n
Version<\/th>\n4.1.5cu.748<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability exists in the TOTOLINK T6 router version 4.1.5cu.748. It allows remote attackers to inject commands via the clearPairCfg function in the cstecgi.cgi file when handling HTTP POST requests. This could lead to unauthorized access and system compromise.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
AI Product<\/th>\nTOTOLINK T6<\/td>\n<\/tr>\n
AI Version<\/th>\n4.1.5cu.748<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n