CVE-2025-7758
Published: 17 July 2025
Summary
CVE-2025-7758 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation, such as patching the buffer overflow in setDiagnosisCfg, to eliminate the vulnerability entirely.
Mandates validation of the manipulated 'ip' argument in HTTP POST requests to /cgi-bin/cstecgi.cgi to prevent buffer overflows.
Implements memory protections like stack canaries, ASLR, and DEP to block exploitation of buffer overflows for arbitrary code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the router's public-facing web interface (/cgi-bin/cstecgi.cgi setDiagnosisCfg) via HTTP POST enables remote exploitation of a public-facing application for potential RCE.
NVD Description
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument…
more
ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-7758 is a critical buffer overflow vulnerability affecting TOTOLINK T6 routers with firmware versions up to 4.1.5cu.748_B20211015. The flaw exists in the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file within the HTTP POST Request Handler component. It is triggered by manipulating the "ip" argument in a crafted request, as classified under CWE-119 and CWE-120.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), making it remotely exploitable over the network with low privileges, low complexity, and no user interaction required. An attacker with low-privileged access, such as an authenticated user, can send a malicious HTTP POST request to overflow the buffer, potentially achieving high impacts on confidentiality, integrity, and availability, including arbitrary code execution.
Advisories and a proof-of-concept exploit are publicly available, including details at https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/3.md and https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/3.md#poc, as well as VulDB entries at https://vuldb.com/?ctiid.316748, https://vuldb.com/?id.316748, and https://vuldb.com/?submit.615734. No specific patch or mitigation guidance is detailed in the disclosure.
Details
- CWE(s)