ID

VAR-202506-3401


CVE

CVE-2025-6916


TITLE

Authentication vulnerability in TOTOLINK T6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. TOTOLINK T6 firmware contains vulnerabilities related to authentication and lack of authentication for critical functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2025-6916 // JVNDB: JVNDB-2025-008137

AFFECTED PRODUCTS

vendor: totolink, model: t6, scope: eq, version: v4.1.5cu.748_b20211015

Trust: 1.0

vendor: totolink, model: t6, scope: -, version: -

Trust: 0.8

vendor: totolink, model: t6, scope: eq, version: t6 firmware v4.1.5cu.748 b20211015

Trust: 0.8

vendor: totolink, model: t6, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137 // NVD: CVE-2025-6916

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6916
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008137
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-6916
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008137
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-6916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008137
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137 // NVD: CVE-2025-6916

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [others]

Trust: 0.8

problemtype: Lack of authentication for critical features (CWE-306) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137 // NVD: CVE-2025-6916

EXTERNAL IDS

db: NVD, id: CVE-2025-6916

Trust: 2.6

db: VULDB, id: 314409

Trust: 1.8

db: JVNDB, id: JVNDB-2025-008137

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137 // NVD: CVE-2025-6916

REFERENCES

url:https://github.com/c0nyy/iot_vuln/blob/main/totolink%20t6%20vuln.md

Trust: 1.8

url:https://vuldb.com/?id.314409

Trust: 1.8

url:https://vuldb.com/?submit.605101

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.314409

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6916

Trust: 0.8

sources: JVNDB: JVNDB-2025-008137 // NVD: CVE-2025-6916

SOURCES

db: JVNDB, id: JVNDB-2025-008137
db: NVD, id: CVE-2025-6916

LAST UPDATE DATE

2025-07-09T23:13:39.434000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-008137, date: 2025-07-08T02:14:00
db: NVD, id: CVE-2025-6916, date: 2025-07-07T14:41:39.973

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-008137, date: 2025-07-08T00:00:00
db: NVD, id: CVE-2025-6916, date: 2025-06-30T17:15:34.593