CVE-2025-6137 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWiFiScheduleCfg desc buffer overflow

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow.

This vulnerability is traded as CVE-2025-6137. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-6137 | TOTOLINK T10 4.1.8cu.5207 HTTP POST Request /cgi-bin/cstecgi.cgi setWiFiScheduleCfg desc buffer overflow

Post correlati

CVE-2023-45289 | net-http-cookiejar up to 1.21.7/1.22.0 on Go HTTP Header information disclosure

CVE-2024-6457 | HUSKY Plugin up to 1.3.6 on WordPress sql injection

CVE-2024-6374 | lahirudanushka School Management System 1.0.0/1.0.1 Subject Page /subject.php Subject Title/Sybillus Details cross site scripting

CVE-2024-11900 | Portfolio Plugin up to 1.2.2 on WordPress cross site scripting