Details of VAR-202507-2447

ID

VAR-202507-2447

CVE

CVE-2025-7912

TITLE

TOTOLINK of t6 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009714

DESCRIPTION

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's TOTOLINK Electronics. It supports the MQTT protocol and Telnet service, and is primarily designed for home and small business networking. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-7912 // JVNDB: JVNDB-2025-009714 // CNVD: CNVD-2025-17538

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17538

AFFECTED PRODUCTS

vendor:	totolink	model:	t6	scope:	eq	version:	v4.1.5cu.748_b20211015	Trust: 1.0
vendor:	totolink	model:	t6	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	eq	version:	t6 firmware v4.1.5cu.748 b20211015	Trust: 0.8
vendor:	totolink	model:	t6 4.1.5cu.748 b20211015	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17538 // JVNDB: JVNDB-2025-009714 // NVD: CVE-2025-7912

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7912
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009714
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17538
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7912
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009714
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-17538
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7912
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009714
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17538 // JVNDB: JVNDB-2025-009714 // NVD: CVE-2025-7912

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009714 // NVD: CVE-2025-7912

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7912	Trust: 3.2
db:	VULDB	id:	317027	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009714	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17538	Trust: 0.6

sources: CNVD: CNVD-2025-17538 // JVNDB: JVNDB-2025-009714 // NVD: CVE-2025-7912

REFERENCES

url:	https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/6.md	Trust: 2.4
url:	https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/6.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.317027	Trust: 1.8
url:	https://vuldb.com/?submit.618655	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://vuldb.com/?ctiid.317027	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7912	Trust: 0.8

sources: CNVD: CNVD-2025-17538 // JVNDB: JVNDB-2025-009714 // NVD: CVE-2025-7912

SOURCES

db:	CNVD	id:	CNVD-2025-17538
db:	JVNDB	id:	JVNDB-2025-009714
db:	NVD	id:	CVE-2025-7912

LAST UPDATE DATE

2025-08-06T23:12:38.011000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17538	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-009714	date:	2025-07-24T02:41:00
db:	NVD	id:	CVE-2025-7912	date:	2025-07-23T16:07:45.960

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17538	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2025-009714	date:	2025-07-24T00:00:00
db:	NVD	id:	CVE-2025-7912	date:	2025-07-20T23:15:32.153