CVE-2025-7524 | TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setDiagnosisCfg ip command injection

Inserito da Angelo Barbosa | Lug 12, 2025 | CVE

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.

This vulnerability is uniquely identified as CVE-2025-7524. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-7524 | TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setDiagnosisCfg ip command injection

Post correlati

CVE-2025-26136 | mysiteforme 1.0/2.2.1 sql injection

CVE-2025-23181 | Ribbon Communications Apollo 9608 9.6R3 unnecessary privileges

CVE-2024-2355 | keerti1924 Secret-Coder-PHP-Project 1.0 /secret_coder.sql inclusion of sensitive information in source code

CVE-2024-37349 | Absolute Secure Access up to 13.05 Management UI cross site scripting