2 matches found
CVE-2025-7525
CVE-2025-7525 affects TOTOLINK T6 (4.1.5cu.748_B20211015). The vulnerability lies in the HTTP POST Request Handler’s setTracerouteCfg function within /cgi-bin/cstecgi.cgi, where improper handling of the command parameter permits remote command injection. Multiple connected sources confirm the att...
CVE-2025-7525 TOTOLINK T6 HTTP POST Request cstecgi.cgi setTracerouteCfg command injection
A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injectio...