CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3630 matches found

NVD•added 2025/07/14 4:15 p.m.•4 views

CVE-2025-7615

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

8.8CVSS0.04554EPSS

Exploits1References6

NVD•added 2025/07/14 3:15 p.m.•4 views

CVE-2025-7614

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack...

8.8CVSS0.04554EPSS

Exploits1References6

NVD•added 2025/07/14 3:15 p.m.•7 views

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

8.8CVSS0.04554EPSS

Exploits1References6

Vulnrichment•added 2025/07/14 3:14 p.m.•3 views

CVE-2025-7615 TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection

6.5CVSS7.8AI score0.04554EPSS

Exploits1References6

CVE•added 2025/07/14 3:14 p.m.•20 views

CVE-2025-7615

CVE-2025-7615 affects TOTOLINK T6 at version 4.1.5cu.748. The vulnerability is in the HTTP POST Request Handler, specifically the function clearPairCfg in the file /cgi-bin/cstecgi.cgi, where the ip argument can be manipulated to cause a command injection. The attack can be launched remotely and ...

8.8CVSS7.1AI score0.04554EPSS

Exploits1References6Affected Software1

Cvelist•added 2025/07/14 3:14 p.m.•10 views

CVE-2025-7615 TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection

6.5CVSS0.04554EPSS

Exploits1References6

Cvelist•added 2025/07/14 3:2 p.m.•8 views

CVE-2025-7614 TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection

6.5CVSS0.04554EPSS

Exploits1References6

CVE•added 2025/07/14 3:2 p.m.•16 views

CVE-2025-7614

CVE-2025-7614 affects TOTOLINK T6 (4.1.5cu.748); the issue is in the HTTP POST Request Handler, specifically the delDevice function in /cgi-bin/cstecgi.cgi. By manipulating the ipAddr argument, an attacker can achieve command injection and potentially execute remote code. The exploit has been pub...

8.8CVSS7.9AI score0.04554EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2025/07/14 3:2 p.m.•3 views

CVE-2025-7614 TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection

6.5CVSS7AI score0.04554EPSS

Exploits1References6

Vulnrichment•added 2025/07/14 2:44 p.m.•3 views

CVE-2025-7613 TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection

6.5CVSS7.8AI score0.04554EPSS

Exploits1References6

Cvelist•added 2025/07/14 2:44 p.m.•9 views

CVE-2025-7613 TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection

6.5CVSS0.04554EPSS

Exploits1References6

CVE•added 2025/07/14 2:44 p.m.•17 views

CVE-2025-7613

Totolink T6 (version 4.1.5cu.748) is affected by a command-injection in CloudSrvVersionCheck (file /cgi-bin/cstecgi.cgi, HTTP POST Request Handler). The ip argument is mishandled, enabling remote command execution when crafted inputs are sent. Public exploitation is disclosed. Practical impact is...

8.8CVSS7.8AI score0.04554EPSS

Exploits1References6Affected Software1

RedhatCVE•added 2025/07/14 7:16 a.m.•3 views

CVE-2025-7465

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can ...

9CVSS7.5AI score0.01103EPSS

Exploits1References1

RedhatCVE•added 2025/07/14 6:17 a.m.•12 views

CVE-2025-7463

A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mitssid leads to buffer overflow. The atta...

9CVSS8.9AI score0.01103EPSS

Exploits1References1

CNNVD•added 2025/07/14 12:0 a.m.•2 views

TOTOLINK T6 注入漏洞

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that originates from the failure of the function delDevice's parameter ipAddr to correctly filter...

8.8CVSS6.8AI score0.04554EPSS

Exploits1References6

RedhatCVE•added 2025/07/13 10:8 p.m.•5 views

CVE-2025-7460

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow...

9CVSS7.4AI score0.01357EPSS

Exploits1References1

NVD•added 2025/07/13 10:15 a.m.•4 views

CVE-2025-7525

A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injectio...

8.8CVSS0.04474EPSS

Exploits1References7