Details of VAR-202507-2463

ID

VAR-202507-2463

CVE

CVE-2025-7952

TITLE

TOTOLINK of t6 Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009713

DESCRIPTION

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless dual-band router released by China's Jiong Electronics (TOTOLINK). It supports the MQTT protocol and Telnet service. The TOTOLINK T6 has a command injection vulnerability caused by the ckeckKeepAlive function in the wireless.so file failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2025-7952 // JVNDB: JVNDB-2025-009713 // CNVD: CNVD-2025-17676

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17676

AFFECTED PRODUCTS

vendor:	totolink	model:	t6	scope:	eq	version:	v4.1.5cu.748_b20211015	Trust: 1.0
vendor:	totolink	model:	t6	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	eq	version:	t6 firmware v4.1.5cu.748 b20211015	Trust: 0.8
vendor:	totolink	model:	t6 4.1.5cu.748	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17676 // JVNDB: JVNDB-2025-009713 // NVD: CVE-2025-7952

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7952
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2025-7952
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009713
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17676
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-7952
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009713
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-17676
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7952
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-7952
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-009713
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17676 // JVNDB: JVNDB-2025-009713 // NVD: CVE-2025-7952 // NVD: CVE-2025-7952

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009713 // NVD: CVE-2025-7952

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7952	Trust: 3.2
db:	VULDB	id:	317098	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009713	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17676	Trust: 0.6

sources: CNVD: CNVD-2025-17676 // JVNDB: JVNDB-2025-009713 // NVD: CVE-2025-7952

REFERENCES

url:	https://github.com/elvisblue/public/blob/main/vuln/7.md	Trust: 2.4
url:	https://github.com/elvisblue/public/blob/main/vuln/7.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.317098	Trust: 1.8
url:	https://vuldb.com/?submit.619319	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://vuldb.com/?ctiid.317098	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7952	Trust: 0.8

sources: CNVD: CNVD-2025-17676 // JVNDB: JVNDB-2025-009713 // NVD: CVE-2025-7952

SOURCES

db:	CNVD	id:	CNVD-2025-17676
db:	JVNDB	id:	JVNDB-2025-009713
db:	NVD	id:	CVE-2025-7952

LAST UPDATE DATE

2025-08-09T23:12:41.058000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17676	date:	2025-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2025-009713	date:	2025-07-24T02:41:00
db:	NVD	id:	CVE-2025-7952	date:	2025-07-23T16:16:10.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17676	date:	2025-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2025-009713	date:	2025-07-24T00:00:00
db:	NVD	id:	CVE-2025-7952	date:	2025-07-22T03:15:28.997