CVE-2025-8170
Published: 25 July 2025
Summary
CVE-2025-8170 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink T6 Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical buffer overflow vulnerability tracked as CVE-2025-8170 affects the TOTOLINK T6 router running firmware 4.1.5cu.748_B20211015. It resides in the tcpcheck_net function of the /router/meshSlaveDlfw file inside the MQTT Packet Handler component, where unsanitized input to the serverIp argument can overflow a buffer. The issue is assigned CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.
An authenticated attacker can trigger the flaw remotely by sending a crafted MQTT packet, resulting in high impact to confidentiality, integrity, and availability on the device. Public proof-of-concept code demonstrating the exploit has been released on GitHub.
The associated EPSS score remains flat at 0.0135 with no material increase since disclosure, indicating limited observed exploitation interest to date. Details and the PoC are documented in VulDB entries and the linked GitHub repository.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22753
Vulnerability details
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote buffer overflow in the router's MQTT packet handler (/router/meshSlaveDlfw tcpcheck_net serverIp) enables exploitation of a public-facing web endpoint or remote service for remote code execution.
Mitigating Controls (NIST 800-53 r5)
Validates the serverIp argument in the tcpcheck_net function to prevent buffer overflow exploitation.
Implements memory safeguards like address space layout randomization and data execution prevention to mitigate buffer overflow leading to arbitrary code execution.
Requires timely remediation of the known buffer overflow flaw in the MQTT Packet Handler via firmware updates.
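A sketch of the input-validation control applied to a serverIp-style field, as an added example and not code from the Totolink firmware. The helper name `copy_server_ip`, the IPv4-only format and the length-delimited field are assumptions; the inputs in `main` are constructed.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the field is a dotted-quad IPv4 literal, so 16 bytes
 * (INET_ADDRSTRLEN) hold "255.255.255.255" plus the terminating NUL. */
#define SERVER_IP_MAX INET_ADDRSTRLEN

/* Hypothetical helper: validate an untrusted, length-delimited serverIp
 * value and copy it into a fixed-size buffer.
 * Returns 0 on success, -1 if rejected (dst is then an empty string). */
int copy_server_ip(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    char tmp[SERVER_IP_MAX];
    struct in_addr addr;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Reject on length first, before any byte is copied. */
    if (src_len == 0 || src_len >= sizeof(tmp) || src_len >= dst_size)
        return -1;
    /* An embedded NUL would make later string functions see a shorter
     * value than the one that was checked. */
    if (memchr(src, '\0', src_len) != NULL)
        return -1;
    memcpy(tmp, src, src_len);
    tmp[src_len] = '\0';
    /* inet_pton accepts only dotted-decimal IPv4; anything else fails. */
    if (inet_pton(AF_INET, tmp, &addr) != 1)
        return -1;
    memcpy(dst, tmp, src_len + 1);
    return 0;
}

int main(void)
{
    char out[SERVER_IP_MAX], oversized[300];
    memset(oversized, 'A', sizeof(oversized)); /* constructed oversized value */
    printf("valid:     %d\n", copy_server_ip(out, sizeof(out), "192.168.0.1", 11));
    printf("oversized: %d\n",
           copy_server_ip(out, sizeof(out), oversized, sizeof(oversized)));
    return 0;
}
```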