VDB-316940 · CVE-2025-7837 · EUVD-2025-21970

TOTOLINK T6 4.1.5cu.748_B20211015 MQTT Service recvSlaveStaInfo dest Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin kura an gano a TOTOLINK T6 4.1.5cu.748_B20211015. Tabbas, aikin recvSlaveStaInfo ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil $software_file, a cikin sashi MQTT Service. Wuro manipulation of the argument dest ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-120. Lalle, rauni an sanar da shi 07/18/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-7837. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

4 Goyarwa · 89 Datenpunkte

Furɗe	Súgá 07/18/2025 21:34	Gargadi 1/3 07/19/2025 21:02	Gargadi 2/3 07/19/2025 21:49	Gargadi 3/3 07/24/2025 03:18
software_vendor	TOTOLINK	TOTOLINK	TOTOLINK	TOTOLINK
software_name	T6	T6	T6	T6
software_version	4.1.5cu.748_B20211015	4.1.5cu.748_B20211015	4.1.5cu.748_B20211015	4.1.5cu.748_B20211015
software_component	MQTT Service	MQTT Service	MQTT Service	MQTT Service
software_function	recvSlaveStaInfo	recvSlaveStaInfo	recvSlaveStaInfo	recvSlaveStaInfo
software_argument	dest	dest	dest	dest
vulnerability_cwe	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md#poc	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md#poc	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md#poc	https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/4.md#poc
source_cve	CVE-2025-7837	CVE-2025-7837	CVE-2025-7837	CVE-2025-7837
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-21970	EUVD-2025-21970	EUVD-2025-21970
cve_nvd_summary			A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			H	H
cvss4_cna_vi			H	H
cvss4_cna_va			H	H
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			8.7	8.7
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			H	H
cvss3_cna_i			H	H
cvss3_cna_a			H	H
cvss3_cna_basescore			8.8	8.8
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			C	C
cvss2_cna_ii			C	C
cvss2_cna_ai			C	C
cvss2_cna_basescore			9	9
cve_nvd_summaryes				Se encontró una vulnerabilidad en TOTOLINK T6 4.1.5cu.748_B20211015, clasificada como crítica. Este problema afecta a la función recvSlaveStaInfo del componente MQTT Service. La manipulación del argumento dest provoca un desbordamiento del búfer. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!