CVE-2025-7525 | TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Inserito da Angelo Barbosa | Lug 12, 2025 | CVE

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection.

This vulnerability was named CVE-2025-7525. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-7525 | TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Post correlati

CVE-2024-26905 | Linux Kernel up to 6.1.82/6.6.22/6.7.10 btrfs space_info.c need_preemptive_reclaim race condition

CVE-2023-6735 | Checkmk up to 2.0.0p38/2.1.0p36/2.2.0p16 mk_tsm Agent Plugin input validation

CVE-2024-7770 | Bit File Manager Plugin up to 6.5.5 on WordPress unrestricted upload

CVE-2024-41464 | Tenda FH1201 1.2.0.14 ip/goform/RouteStatic mitInterface stack-based overflow