CVE-2025-7614 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi delDevice ipAddr command injection

Inserito da Angelo Barbosa | Lug 13, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection.

This vulnerability is traded as CVE-2025-7614. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-7614 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi delDevice ipAddr command injection

Post correlati

CVE-2024-31695 | Binance BTC, Crypto and NFTS 2.85.4 Fingerprint Authentication access control

CVE-2024-6391 | oik Plugin up to 4.10.3 on WordPress Shortcode bw_button cross site scripting

CVE-2023-7030 | Collapse-O-Matic Plugin up to 1.8.5.5 on WordPress Shortcode cross site scripting

CVE-2024-8529 | LearnPress Plugin up to 4.2.7 on WordPress c_fields sql injection