CVE-2025-6138 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWizardCfg ssid5g buffer overflow

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow.

This vulnerability is known as CVE-2025-6138. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-6138 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWizardCfg ssid5g buffer overflow

Post correlati

CVE-2024-46977 | OpenC3 cosmos up to 5.18.x LocalMode open_local_file path traversal (GHSA-8jxr-mccc-mwg8)

CVE-2024-11212 | SourceCodester Best Employee Management System 1.0 fetch_product_details.php barcode sql injection

CVE-2024-24043 | Speedy11CZ MCRPX up to 1.4.0 File path traversal

CVE-2024-20770 | Adobe Photoshop Desktop up to 24.7.2/25.3.1 out-of-bounds (apsb24-16)