Cyber Posture

CVE-2025-7913

HighPublic PoC

Published: 21 July 2025

Published
21 July 2025
Modified
23 July 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0065 70.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7913 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 29.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Enforces validation of the serverIp argument in the updateWifiInfo function, directly preventing buffer overflow exploitation.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow attempts in the MQTT service.

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the buffer overflow flaw in TOTOLINK T6 firmware via patching or upgrades.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Buffer overflow in remote MQTT service enables exploitation of remote services for RCE on the device.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack…

more

remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-7913 is a critical buffer overflow vulnerability (CWE-119, CWE-120) affecting the updateWifiInfo function in the MQTT Service component of TOTOLINK T6 firmware version 4.1.5cu.748_B20211015. The issue arises from manipulation of the serverIp argument, enabling a remotely exploitable condition with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Attackers with low privileges, such as authenticated users on the network, can exploit this vulnerability remotely without user interaction. Successful exploitation triggers a buffer overflow, potentially allowing arbitrary code execution, data compromise, or denial of service, with high impacts on confidentiality, integrity, and availability.

VulDB advisories and referenced sources, including GitHub repositories, confirm the exploit has been publicly disclosed, with a proof-of-concept available that demonstrates the buffer overflow via the serverIp argument. No specific patches or mitigations are detailed in the provided references.

Details

CWE(s)
CWE-119CWE-120

Affected Products

totolink
t6 firmware
v4.1.5cu.748_b20211015

CVEs Like This One

CVE-2025-8170Same product: Totolink T6
CVE-2025-7912Same product: Totolink T6
CVE-2025-7460Same product: Totolink T6
CVE-2025-7758Same product: Totolink T6
CVE-2025-7837Same product: Totolink T6
CVE-2025-7862Same product: Totolink T6
CVE-2025-7615Same product: Totolink T6
CVE-2025-7614Same product: Totolink T6
CVE-2025-7524Same product: Totolink T6
CVE-2025-7613Same product: Totolink T6

References