CVE-2025-5905 TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow

🗓️ 10 Jun 2025 00:00:18Reported by VulDBType

Critical buffer overflow in TOTOLINK T10 POST Request via cstecgi.cgi setWiFiRepeaterCfg function.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the setWiFiRepeaterCfg() function in the microprogrammed software of the TOTOLink T10 routers allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.	13 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-5905	10 Jun 202500:33	–	circl
CNNVD	TOTOLINK T10 安全漏洞	9 Jun 202500:00	–	cnnvd
CNVD	TOTOLINK T10 Buffer Overflow Vulnerability	13 Jun 202500:00	–	cnvd
CVE	CVE-2025-5905	10 Jun 202500:00	–	cve
EUVD	EUVD-2025-17608	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5905	10 Jun 202500:15	–	nvd
OSV	CVE-2025-5905	10 Jun 202500:15	–	osv
Positive Technologies	PT-2025-24582 · Totolink · Totolink T10	7 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5905	12 Jun 202500:18	–	redhatcve

[
  {
    "vendor": "TOTOLINK",
    "product": "T10",
    "versions": [
      {
        "version": "4.1.8cu.5207",
        "status": "affected"
      }
    ],
    "modules": [
      "POST Request Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
candle-throne-f75	www.candle-throne-f75.notion.site/TOTOLINK-T10-setWiFiRepeaterCfg-20bdf0aa118580bd8cd0da62d4d2e47f
totolink	www.totolink.net/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

10 Jun 2025 00:00Current

CVSS 48.7

CVSS 3.18.8

CVSS 38.8

CVSS 29

EPSS0.01422