- Description
- A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Modified
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
🚨 Critical Vulnerability Alert: CVE-2025-7525 🚨 A command injection flaw in TOTOLINK T6's HTTP POST Handler (version 4.1.5cu.748_B20211015) allows remote exploitation via the 'command' argument. 🎯 Patch ASAP! The exploit is public & may be used in-the-wild. #CyberSec
@SecAideInfo
15 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7525 Command Injection Vulnerability in TOTOLINK T6 4.1.5cu.748_B20211015 Router https://t.co/7RJADZez7E
@VulmonFeeds
13 Jul 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7525 A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /… https://t.co/q8Ec6sreyo
@CVEnew
13 Jul 2025
637 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:t6_firmware:v4.1.5cu.748_b20211015:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43CE0237-A087-41D7-9E63-ED62660C11BE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:t6:3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "61907F0F-5DE6-4E57-A938-263A6B6E53CE"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]