CVE-2025-7758

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Published: Jul 18, 2025
Updated: Jul 24, 2025
CVE: CVE-2025-7758
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-120

Affected Software
References

Software	From	Fixed in
totolink / t6_firmware	4.1.5cu.748_b20211015	4.1.5cu.748_b20211015.x

https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/3.md
https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/3.md#poc
https://vuldb.com/?ctiid.316748
https://vuldb.com/?id.316748
https://vuldb.com/?submit.615734
https://www.totolink.net/

Vulnerability Database

CVE-2025-7758

Deep Security Visibility Without the Complexity