CVE-2025-7615 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi clearPairCfg ip command injection

Inserito da Angelo Barbosa | Lug 13, 2025 | CVE

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.

This vulnerability is known as CVE-2025-7615. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-7615 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi clearPairCfg ip command injection

Post correlati

CVE-2023-7052 | PHPGurukul Online Notes Sharing System 1.0 /user/profile.php name cross-site request forgery

CVE-2024-5723 | Centreon prior 22.04.24/22.10.22/23.04.18/23.10.12/24.04.0 updateServiceHost sql injection

CVE-2024-5663 | Cards for Beaver Builder Plugin up to 1.1.3 on WordPress Cards Widget cross site scripting

CVE-2024-50825 | Kashipara E-Learning Management System Project 1.0 /admin/school_year.php school_year sql injection