Vulnerability Database

296,869

Total vulnerabilities in the database

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

Published: Jun 30, 2025
Updated: Jul 8, 2025
CVE: CVE-2025-6916
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
totolink / t6_firmware	4.1.5cu.748_b20211015	4.1.5cu.748_b20211015.x

https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20T6%20Vuln.md
https://vuldb.com/?ctiid.314409
https://vuldb.com/?id.314409
https://vuldb.com/?submit.605101
https://www.totolink.net/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo