Details of VAR-202506-0532

ID

VAR-202506-0532

CVE

CVE-2025-5902

TITLE

TOTOLINK of t10 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007108

DESCRIPTION

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK T10 is a wireless router produced by TOTOLINK. A remote attacker can exploit this vulnerability to trigger a buffer overflow by manipulating the slaveIpList parameter

Trust: 2.16

sources: NVD: CVE-2025-5902 // JVNDB: JVNDB-2025-007108 // CNVD: CNVD-2025-12748

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12748

AFFECTED PRODUCTS

vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5207	Trust: 1.0
vendor:	totolink	model:	t10	scope:	eq	version:	t10 firmware 4.1.8cu.5207	Trust: 0.8
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t10	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t10 4.1.8cu.5207	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12748 // JVNDB: JVNDB-2025-007108 // NVD: CVE-2025-5902

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5902
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007108
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12748
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5902
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007108
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12748
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5902
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007108
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12748 // JVNDB: JVNDB-2025-007108 // NVD: CVE-2025-5902

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007108 // NVD: CVE-2025-5902

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5902	Trust: 3.2
db:	VULDB	id:	311675	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-007108	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12748	Trust: 0.6

sources: CNVD: CNVD-2025-12748 // JVNDB: JVNDB-2025-007108 // NVD: CVE-2025-5902

REFERENCES

url:	https://candle-throne-f75.notion.site/totolink-t10-setupgradefw-20bdf0aa11858089bc28f634bb140d00	Trust: 2.4
url:	https://vuldb.com/?id.311675	Trust: 2.4
url:	https://vuldb.com/?submit.592246	Trust: 2.4
url:	https://www.totolink.net/	Trust: 2.4
url:	https://vuldb.com/?ctiid.311675	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5902	Trust: 0.8

sources: CNVD: CNVD-2025-12748 // JVNDB: JVNDB-2025-007108 // NVD: CVE-2025-5902

SOURCES

db:	CNVD	id:	CNVD-2025-12748
db:	JVNDB	id:	JVNDB-2025-007108
db:	NVD	id:	CVE-2025-5902

LAST UPDATE DATE

2025-06-19T23:40:41.678000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12748	date:	2025-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2025-007108	date:	2025-06-17T02:59:00
db:	NVD	id:	CVE-2025-5902	date:	2025-06-16T14:32:27.833

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12748	date:	2025-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2025-007108	date:	2025-06-17T00:00:00
db:	NVD	id:	CVE-2025-5902	date:	2025-06-09T23:15:22.617