CVE-2025-6916 | TOTOLINK T6 4.1.5cu.748_B20211015 /formLoginAuth.htm Form_Login authCode/goURL missing authentication

Inserito da Angelo Barbosa | Giu 29, 2025 | CVE

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication.

This vulnerability is uniquely identified as CVE-2025-6916. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

CVE-2025-6916 | TOTOLINK T6 4.1.5cu.748_B20211015 /formLoginAuth.htm Form_Login authCode/goURL missing authentication

Post correlati

CVE-2024-48921 | Kyverno up to 1.12.x on Kubernetes improper authorization

CVE-2024-57184 | GPAC MP4Box 0.8.0 media_tools/mpegts.c gf_m2ts_process_pmt heap-based overflow (Issue 1421)

CVE-2023-6885 | Tongda OA 2017 up to 11.10 delete.php DELETE_STR sql injection

CVE-2024-24940 | JetBrains IntelliJ IDEA prior 2023.3.3 Archive Extraction path traversal