CVE-2025-7758
Published: 17 July 2025
Summary
CVE-2025-7758 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical buffer overflow vulnerability exists in the TOTOLINK T6 wireless router firmware up to version 4.1.5cu.748_B20211015. The flaw resides in the setDiagnosisCfg function within the /cgi-bin/cstecgi.cgi endpoint that handles HTTP POST requests; unsanitized input supplied to the ip argument triggers the overflow, classified under CWE-119 and CWE-120.
An attacker with low-privileged network access can send a crafted POST request to the affected CGI handler and achieve remote code execution or a denial-of-service condition, resulting in high impact to confidentiality, integrity, and availability. The CVSS 4.0 vector reflects network attack reachability, low complexity, and no user interaction, and a functional proof-of-concept has already been published.
Public references consist of exploit details hosted on GitHub and corresponding Vuldb entries, but no vendor advisory or firmware patch is referenced. The associated EPSS score remains low at approximately 0.0136 with negligible movement from its recorded peak, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21820
Vulnerability details
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument…
more
ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the router's public-facing web interface (/cgi-bin/cstecgi.cgi setDiagnosisCfg) via HTTP POST enables remote exploitation of a public-facing application for potential RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely flaw remediation, such as patching the buffer overflow in setDiagnosisCfg, to eliminate the vulnerability entirely.
Mandates validation of the manipulated 'ip' argument in HTTP POST requests to /cgi-bin/cstecgi.cgi to prevent buffer overflows.
Implements memory protections like stack canaries, ASLR, and DEP to block exploitation of buffer overflows for arbitrary code execution.