VDB-311675 · CVE-2025-5902 · EUVD-2025-17589

TOTOLINK T10 4.1.8cu.5207 POST Request /cgi-bin/cstecgi.cgi setUpgradeFW slaveIpList ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu TOTOLINK T10 4.1.8cu.5207 keessatti argameera. Miidhamni argame is hojii setUpgradeFW faayilii /cgi-bin/cstecgi.cgi keessa kutaa POST Request Handler keessa. Wanti jijjiirame irratti slaveIpList gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-120 si geessa. Odeeffannoon kun yeroo 06/09/2025 maxxanfameera. Odeeffannoon kun buufachuuf candle-throne-f75.notion.site irratti argama. Dogoggorri kun CVE-2025-5902 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit candle-throne-f75.notion.site irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 ଆଡାପ୍ଟେସନ୍ · 90 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/09/2025 10:03 AM	ଅଦ୍ୟତନ 1/3 06/10/2025 02:14 AM	ଅଦ୍ୟତନ 2/3 06/10/2025 12:26 PM	ଅଦ୍ୟତନ 3/3 06/16/2025 04:46 PM
software_vendor	TOTOLINK	TOTOLINK	TOTOLINK	TOTOLINK
software_name	T10	T10	T10	T10
software_version	4.1.8cu.5207	4.1.8cu.5207	4.1.8cu.5207	4.1.8cu.5207
software_component	POST Request Handler	POST Request Handler	POST Request Handler	POST Request Handler
software_file	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi	/cgi-bin/cstecgi.cgi
software_function	setUpgradeFW	setUpgradeFW	setUpgradeFW	setUpgradeFW
software_argument	slaveIpList	slaveIpList	slaveIpList	slaveIpList
vulnerability_cwe	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00	https://candle-throne-f75.notion.site/TOTOLINK-T10-setUpgradeFW-20bdf0aa11858089bc28f634bb140d00
source_cve	CVE-2025-5902	CVE-2025-5902	CVE-2025-5902	CVE-2025-5902
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1749420000 (06/09/2025)	1749420000 (06/09/2025)	1749420000 (06/09/2025)	1749420000 (06/09/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-17589	EUVD-2025-17589	EUVD-2025-17589
cve_nvd_summary			A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			H	H
cvss4_cna_vi			H	H
cvss4_cna_va			H	H
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			8.7	8.7
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			H	H
cvss3_cna_i			H	H
cvss3_cna_a			H	H
cvss3_cna_basescore			8.8	8.8
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			C	C
cvss2_cna_ii			C	C
cvss2_cna_ai			C	C
cvss2_cna_basescore			9	9
cve_nvd_summaryes				Se encontró una vulnerabilidad en TOTOLINK T10 4.1.8cu.5207, clasificada como crítica. Este problema afecta a la función setUpgradeFW del archivo /cgi-bin/cstecgi.cgi del componente POST Request Handler. La manipulación del argumento "slaveIpList" provoca un desbordamiento del búfer. El ataque puede iniciarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!