Cyber Resilience

CVE-2025-7758

HighPublic PoC

Published: 17 July 2025

Published
17 July 2025
Modified
23 July 2025
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0136 80.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7758 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A critical buffer overflow vulnerability exists in the TOTOLINK T6 wireless router firmware up to version 4.1.5cu.748_B20211015. The flaw resides in the setDiagnosisCfg function within the /cgi-bin/cstecgi.cgi endpoint that handles HTTP POST requests; unsanitized input supplied to the ip argument triggers the overflow, classified under CWE-119 and CWE-120.

An attacker with low-privileged network access can send a crafted POST request to the affected CGI handler and achieve remote code execution or a denial-of-service condition, resulting in high impact to confidentiality, integrity, and availability. The CVSS 4.0 vector reflects network attack reachability, low complexity, and no user interaction, and a functional proof-of-concept has already been published.

Public references consist of exploit details hosted on GitHub and corresponding Vuldb entries, but no vendor advisory or firmware patch is referenced. The associated EPSS score remains low at approximately 0.0136 with negligible movement from its recorded peak, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument…

more

ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the router's public-facing web interface (/cgi-bin/cstecgi.cgi setDiagnosisCfg) via HTTP POST enables remote exploitation of a public-facing application for potential RCE.

CVEs Like This One

CVE-2025-7460Same product: Totolink T6
CVE-2025-7837Same product: Totolink T6
CVE-2025-8170Same product: Totolink T6
CVE-2025-7912Same product: Totolink T6
CVE-2025-7913Same product: Totolink T6
CVE-2025-7614Same product: Totolink T6
CVE-2025-7524Same product: Totolink T6
CVE-2025-7952Same product: Totolink T6
CVE-2025-7613Same product: Totolink T6
CVE-2025-7525Same product: Totolink T6

Affected Assets

totolink
t6 firmware
v4.1.5cu.748_b20211015

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely flaw remediation, such as patching the buffer overflow in setDiagnosisCfg, to eliminate the vulnerability entirely.

prevent

Mandates validation of the manipulated 'ip' argument in HTTP POST requests to /cgi-bin/cstecgi.cgi to prevent buffer overflows.

prevent

Implements memory protections like stack canaries, ASLR, and DEP to block exploitation of buffer overflows for arbitrary code execution.

References