Details of VAR-202506-0488

ID

VAR-202506-0488

CVE

CVE-2025-5901

TITLE

TOTOLINK of t10 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007150

DESCRIPTION

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T10 is a wireless router produced by TOTOLINK

Trust: 2.16

sources: NVD: CVE-2025-5901 // JVNDB: JVNDB-2025-007150 // CNVD: CNVD-2025-12747

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12747

AFFECTED PRODUCTS

vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5207	Trust: 1.0
vendor:	totolink	model:	t10	scope:	eq	version:	t10 firmware 4.1.8cu.5207	Trust: 0.8
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t10	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t10 4.1.8cu.5207	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12747 // JVNDB: JVNDB-2025-007150 // NVD: CVE-2025-5901

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5901
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007150
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12747
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5901
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007150
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12747
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5901
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007150
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12747 // JVNDB: JVNDB-2025-007150 // NVD: CVE-2025-5901

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007150 // NVD: CVE-2025-5901

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5901	Trust: 3.2
db:	VULDB	id:	311674	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-007150	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12747	Trust: 0.6

sources: CNVD: CNVD-2025-12747 // JVNDB: JVNDB-2025-007150 // NVD: CVE-2025-5901

REFERENCES

url:	https://candle-throne-f75.notion.site/totolink-t10-uploadcustommodule-20bdf0aa118580d59961cd545582c118	Trust: 2.4
url:	https://vuldb.com/?id.311674	Trust: 2.4
url:	https://vuldb.com/?submit.592243	Trust: 2.4
url:	https://www.totolink.net/	Trust: 2.4
url:	https://vuldb.com/?ctiid.311674	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5901	Trust: 0.8

sources: CNVD: CNVD-2025-12747 // JVNDB: JVNDB-2025-007150 // NVD: CVE-2025-5901

SOURCES

db:	CNVD	id:	CNVD-2025-12747
db:	JVNDB	id:	JVNDB-2025-007150
db:	NVD	id:	CVE-2025-5901

LAST UPDATE DATE

2025-06-19T23:33:16.988000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12747	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-007150	date:	2025-06-17T04:41:00
db:	NVD	id:	CVE-2025-5901	date:	2025-06-16T14:36:39.083

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12747	date:	2025-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-007150	date:	2025-06-17T00:00:00
db:	NVD	id:	CVE-2025-5901	date:	2025-06-09T23:15:22.433