CVE-2025-7862
Published: 20 July 2025
Summary
CVE-2025-7862 is a medium-severity Improper Authentication (CWE-287) vulnerability in Totolink T6 Firmware. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 43.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-17 (Remote Access).
Deeper analysis
CVE-2025-7862 is a critical vulnerability affecting the TOTOLINK T6 router on firmware version 4.1.5cu.748_B20211015. It targets the setTelnetCfg function within the /cgi-bin/cstecgi.cgi file of the Telnet Service component, where manipulation of the telnet_enabled argument to the value 1 results in missing authentication. Published on 2025-07-20, the issue carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function).
The vulnerability can be exploited remotely by unauthenticated attackers, with low complexity and no user interaction required. By sending a crafted request to enable Telnet, attackers bypass authentication controls, with potential low-level impact on the confidentiality, integrity, and availability of the affected device.
Advisories and references, including GitHub disclosures at https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/5.md (with a POC at #poc-http) and VulDB entries at https://vuldb.com/?ctiid.316975, https://vuldb.com/?id.316975, and https://vuldb.com/?submit.617643, confirm the exploit has been publicly disclosed and may be actively used. No specific patch or mitigation details are given in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21986
Vulnerability details
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote exploitation of public-facing web CGI enables Telnet service activation on the router, facilitating public-facing app exploitation (T1190), remote service exploitation (T1210), and subsequent network device CLI access via Telnet (T1059.008).
Mitigating Controls (NIST 800-53 r5)
Directly enforces authentication and access policy on the setTelnetCfg function so that unauthenticated manipulation of telnet_enabled is blocked before Telnet can be enabled.
Requires explicit authorization and authentication mechanisms for all remote access services, preventing the unauthenticated remote enabling of Telnet described in the CVE.
Mandates identification and authentication of services before they are activated, directly addressing the missing authentication for the Telnet service configuration function.