Cyber Posture

CVE-2025-7862

High | Public PoC

Published: 20 July 2025

Modified: 29 April 2026
KEV Added: -
Patch: -
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0019 (40.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7862 is a high-severity Improper Authentication (CWE-287) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.
Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287 CWE-306

Session content review can reveal authentication bypasses or failures in session establishment.

addresses: CWE-287 CWE-306

Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.

addresses: CWE-287 CWE-306

Documented IA policy and procedures require proper authentication mechanisms to be defined and followed, reducing improper authentication.

addresses: CWE-287 CWE-306

Requires adaptive authentication under specific conditions, directly strengthening authentication mechanisms against improper or insufficient authentication.

addresses: CWE-287 CWE-306

Identity providers centralize and enforce authentication mechanisms, reducing improper authentication.

addresses: CWE-287 CWE-306

Requires unique identification and authentication of organizational users, directly preventing improper authentication.

addresses: CWE-287 CWE-306

Enforces unique device identification and authentication before any connection is established, directly mitigating improper authentication weaknesses.

addresses: CWE-287 CWE-306

Directly requires implementation of compliant authentication mechanisms to cryptographic modules, preventing improper authentication.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

Unauthenticated remote exploitation of public-facing web CGI enables Telnet service activation on the router, facilitating public-facing app exploitation (T1190), remote service exploitation (T1210), and subsequent network device CLI access via Telnet (T1059.008).

NVD Description

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Deeper analysis (AI)

CVE-2025-7862 is a critical vulnerability affecting the TOTOLINK T6 router on firmware version 4.1.5cu.748_B20211015. It targets the setTelnetCfg function within the /cgi-bin/cstecgi.cgi file of the Telnet Service component, where manipulation of the telnet_enabled argument to the value 1 results in missing authentication. Published on 2025-07-20, the issue carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function).

The vulnerability enables remote exploitation by unauthenticated attackers with low complexity and no user interaction required. By sending a crafted request to enable Telnet, attackers bypass authentication controls, with potential low-level impact on the confidentiality, integrity, and availability of the affected device.
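A detection sketch for the request described above, added here as an example and not taken from the advisory, the vendor, or the referenced PoC: it flags proxy-log entries that reach /cgi-bin/cstecgi.cgi, name setTelnetCfg, and set telnet_enabled to 1 without a session. The log layout, the cookie= field, someOtherFunction, and the sample lines are constructed assumptions; the on-wire body encoding is not given on this page, so matching is encoding-agnostic.

```python
import re

# Path, function and argument names are taken from the advisory text.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
FUNC = "setTelnetCfg"
# telnet_enabled, a few separator characters, then the value 1 (not 10, 11, ...).
ENABLE_RE = re.compile(r"telnet_enabled\W{1,6}1(?!\d)")

# Assumed reverse-proxy log layout: ts src method path cookie=<present|-> body=<raw>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"cookie=(?P<cookie>\S+) body=(?P<body>.*)$"
)

def classify(line):
    """Return None, 'telnet-config' or 'telnet-enable-no-session'."""
    m = LINE_RE.match(line)
    if not m or m["path"].split("?")[0] != CGI_PATH:
        return None
    if FUNC not in m["body"]:
        return None
    if ENABLE_RE.search(m["body"]) and m["cookie"] == "-":
        return "telnet-enable-no-session"   # matches the CVE description
    return "telnet-config"                  # still worth an audit trail

def scan(lines):
    """Return (source address, verdict) for every line touching Telnet config."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split()[1], verdict))
    return hits

# Constructed sample lines (documentation addresses, illustrative body encoding).
SAMPLE_LOG = [
    "2025-07-21T10:02:11Z 192.0.2.10 POST /cgi-bin/cstecgi.cgi cookie=present body=someOtherFunction",
    "2025-07-21T10:05:40Z 198.51.100.7 POST /cgi-bin/cstecgi.cgi cookie=- body=setTelnetCfg telnet_enabled=1",
    "2025-07-21T10:06:02Z 192.0.2.10 POST /cgi-bin/cstecgi.cgi cookie=present body=setTelnetCfg telnet_enabled=0",
    "2025-07-21T10:07:15Z 198.51.100.7 GET /index.html cookie=- body=",
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(src, verdict)
```

Because the weakness is missing authentication, a Telnet-enable request from any source the administrator does not recognise deserves review, and a newly open TCP/23 on the router is the corroborating signal.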

Advisories and references, including a GitHub disclosure at https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/5.md (with a PoC at #poc-http) and VulDB entries at https://vuldb.com/?ctiid.316975, https://vuldb.com/?id.316975, and https://vuldb.com/?submit.617643, confirm the exploit has been publicly disclosed and may be actively used. No specific patch or mitigation details are given in the provided information.

Details

CWE(s)

Affected Products

totolink
t6 firmware
v4.1.5cu.748_b20211015

CVEs Like This One

CVE-2025-8170 - Same product: Totolink T6
CVE-2025-7912 - Same product: Totolink T6
CVE-2025-7615 - Same product: Totolink T6
CVE-2025-7460 - Same product: Totolink T6
CVE-2025-7913 - Same product: Totolink T6
CVE-2025-7758 - Same product: Totolink T6
CVE-2025-7837 - Same product: Totolink T6
CVE-2025-7614 - Same product: Totolink T6
CVE-2025-7524 - Same product: Totolink T6
CVE-2025-7952 - Same product: Totolink T6

References