ID

VAR-202507-2330


CVE

CVE-2025-7862


TITLE

Authentication vulnerability in TOTOLINK T6 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009715

DESCRIPTION

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK T6 firmware contains vulnerabilities related to improper authentication and missing authentication for critical functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK T6 is a wireless dual-band router released by China's TOTOLINK Electronics. It supports the MQTT protocol and Telnet service. No detailed vulnerability details are currently available.

Trust: 2.16

sources: NVD: CVE-2025-7862 // JVNDB: JVNDB-2025-009715 // CNVD: CNVD-2025-17678

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17678

AFFECTED PRODUCTS

vendor: totolink, model: t6, scope: eq, version: v4.1.5cu.748_b20211015

Trust: 1.0

vendor: totolink, model: t6, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: t6, scope: -, version: -

Trust: 0.8

vendor: totolink, model: t6, scope: eq, version: t6 firmware v4.1.5cu.748 b20211015

Trust: 0.8

vendor: totolink, model: t6 4.1.5cu.748 b20211015, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-17678 // JVNDB: JVNDB-2025-009715 // NVD: CVE-2025-7862

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7862
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-7862
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-009715
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-17678
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-7862
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009715
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-17678
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7862
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-7862
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-009715
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17678 // JVNDB: JVNDB-2025-009715 // NVD: CVE-2025-7862 // NVD: CVE-2025-7862

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype: Improper authentication (CWE-287) [ others ]

Trust: 0.8

problemtype: Missing authentication for critical function (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009715 // NVD: CVE-2025-7862

EXTERNAL IDS

db: NVD, id: CVE-2025-7862

Trust: 3.2

db: VULDB, id: 316975

Trust: 2.4

db: JVNDB, id: JVNDB-2025-009715

Trust: 0.8

db: CNVD, id: CNVD-2025-17678

Trust: 0.6

sources: CNVD: CNVD-2025-17678 // JVNDB: JVNDB-2025-009715 // NVD: CVE-2025-7862

REFERENCES

url:https://vuldb.com/?id.316975

Trust: 2.4

url:https://vuldb.com/?submit.617643

Trust: 2.4

url:https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/5.md

Trust: 2.4

url:https://www.youtube.com/watch?v=xeku3tfesme

Trust: 2.4

url:https://www.totolink.net/

Trust: 2.4

url:https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/5.md#poc-http

Trust: 1.8

url:https://vuldb.com/?ctiid.316975

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-7862

Trust: 0.8

url:https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/5.md#poc

Trust: 0.6

sources: CNVD: CNVD-2025-17678 // JVNDB: JVNDB-2025-009715 // NVD: CVE-2025-7862

SOURCES

db: CNVD, id: CNVD-2025-17678
db: JVNDB, id: JVNDB-2025-009715
db: NVD, id: CVE-2025-7862

LAST UPDATE DATE

2025-08-09T23:11:05.605000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-17678, date: 2025-08-07T00:00:00
db: JVNDB, id: JVNDB-2025-009715, date: 2025-07-24T02:41:00
db: NVD, id: CVE-2025-7862, date: 2025-07-23T16:27:10.427

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-17678, date: 2025-08-07T00:00:00
db: JVNDB, id: JVNDB-2025-009715, date: 2025-07-24T00:00:00
db: NVD, id: CVE-2025-7862, date: 2025-07-20T03:15:23.773