CVE-2025-7862 | TOTOLINK T6 4.1.5cu.748_B20211015 Telnet Service /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled missing authentication

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication.

This vulnerability is known as CVE-2025-7862. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to apply restrictive firewalling.

CVE-2025-7862 | TOTOLINK T6 4.1.5cu.748_B20211015 Telnet Service /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled missing authentication

Post correlati

CVE-2023-41613 | EzViz Studio 2.2.0 uncontrolled search path (ID 175684)

CVE-2024-4176 | Trellix EDR UI XConsole cross site scripting

CVE-2024-39173 | calculator-boilerplate 1.0 /routes/calculator.js eval input injection

CVE-2024-4109 | Red Hat Undertow HTTP/2 Request Header information disclosure