{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6138", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-15T10:52:10.120Z", "datePublished": "2025-06-16T20:31:09.003Z", "dateUpdated": "2025-06-17T15:25:12.912Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T20:31:09.003Z"}, "title": "TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "TOTOLINK", "product": "T10", "versions": [{"version": "4.1.8cu.5207", "status": "affected"}], "modules": ["HTTP POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In TOTOLINK T10 4.1.8cu.5207 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion setWizardCfg der Datei /cgi-bin/cstecgi.cgi der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments ssid5g mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T12:57:19.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ysnlrh (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312607", "name": "VDB-312607 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312607", "name": "VDB-312607 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.592917", "name": "Submit #592917 | TOTOLINK T10 V2_Firmware V2_V4.1.8cu.5207 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153?pvs=73", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T15:24:57.558171Z", "id": "CVE-2025-6138", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T15:25:12.912Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "ysnlrh (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "TOTOLINK", "modules": ["HTTP POST Request Handler"], "product": "T10", "versions": [{"status": "affected", "version": "4.1.8cu.5207"}]}], "timeline": [{"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T12:57:19.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312607", "name": "VDB-312607 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312607", "name": "VDB-312607 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.592917", "name": "Submit #592917 | TOTOLINK T10 V2_Firmware V2_V4.1.8cu.5207 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153?pvs=73", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In TOTOLINK T10 4.1.8cu.5207 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion setWizardCfg der Datei /cgi-bin/cstecgi.cgi der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments ssid5g mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T20:31:09.003Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6138", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-17T15:24:57.558171Z"}}}], "references": [{"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-06-17T15:25:07.624Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-6138", "state": "PUBLISHED", "dateUpdated": "2025-06-16T20:31:09.003Z", "dateReserved": "2025-06-15T10:52:10.120Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-16T20:31:09.003Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*", "matchCriteriaId": "256F9D43-3753-4557-92C0-744E09076B4C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C410805-E3D4-4F8C-8DF4-013ACE3937FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK T10 4.1.8cu.5207. Esta vulnerabilidad afecta la funci\u00f3n setWizardCfg del archivo /cgi-bin/cstecgi.cgi del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento ssid5g provoca un desbordamiento del b\u00fafer. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-6138", "lastModified": "2025-06-20T14:34:32.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-16T21:15:24.323", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153?pvs=73"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.312607"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.312607"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.592917"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.totolink.net/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-setWizardCfg-20ddf0aa1185808892f1dbbf63e6a153"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}