Details of VAR-202506-0508

ID

VAR-202506-0508

CVE

CVE-2025-5905

TITLE

TOTOLINK of t10 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007077

DESCRIPTION

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T10 is a wireless router produced by TOTOLINK

Trust: 2.16

sources: NVD: CVE-2025-5905 // JVNDB: JVNDB-2025-007077 // CNVD: CNVD-2025-12750

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12750

AFFECTED PRODUCTS

vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5207	Trust: 1.0
vendor:	totolink	model:	t10	scope:	eq	version:	t10 firmware 4.1.8cu.5207	Trust: 0.8
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t10	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t10 4.1.8cu.5207	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12750 // JVNDB: JVNDB-2025-007077 // NVD: CVE-2025-5905

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5905
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007077
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12750
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5905
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007077
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12750
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5905
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007077
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12750 // JVNDB: JVNDB-2025-007077 // NVD: CVE-2025-5905

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007077 // NVD: CVE-2025-5905

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5905	Trust: 3.2
db:	VULDB	id:	311678	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-007077	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12750	Trust: 0.6

sources: CNVD: CNVD-2025-12750 // JVNDB: JVNDB-2025-007077 // NVD: CVE-2025-5905

REFERENCES

url:	https://candle-throne-f75.notion.site/totolink-t10-setwifirepeatercfg-20bdf0aa118580bd8cd0da62d4d2e47f?pvs=73	Trust: 2.4
url:	https://vuldb.com/?id.311678	Trust: 2.4
url:	https://vuldb.com/?submit.592265	Trust: 2.4
url:	https://www.totolink.net/	Trust: 2.4
url:	https://vuldb.com/?ctiid.311678	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5905	Trust: 0.8

sources: CNVD: CNVD-2025-12750 // JVNDB: JVNDB-2025-007077 // NVD: CVE-2025-5905

SOURCES

db:	CNVD	id:	CNVD-2025-12750
db:	JVNDB	id:	JVNDB-2025-007077
db:	NVD	id:	CVE-2025-5905

LAST UPDATE DATE

2025-06-19T23:23:48.026000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12750	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-007077	date:	2025-06-17T01:44:00
db:	NVD	id:	CVE-2025-5905	date:	2025-06-16T14:21:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12750	date:	2025-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-007077	date:	2025-06-17T00:00:00
db:	NVD	id:	CVE-2025-5905	date:	2025-06-10T00:15:22.653