Details of VAR-202507-2575

ID

VAR-202507-2575

CVE

CVE-2025-8170

TITLE

TOTOLINK of t6 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-011037

DESCRIPTION

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of t6 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK T6 is a wireless router product from TOTOLINK. An attacker could exploit this vulnerability by remotely crafting malicious data to trigger the buffer overflow, potentially executing arbitrary code or causing the system to crash

Trust: 2.16

sources: NVD: CVE-2025-8170 // JVNDB: JVNDB-2025-011037 // CNVD: CNVD-2025-18187

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18187

AFFECTED PRODUCTS

vendor:	totolink	model:	t6	scope:	eq	version:	v4.1.5cu.748_b20211015	Trust: 1.0
vendor:	totolink	model:	t6	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t6	scope:	eq	version:	t6 firmware v4.1.5cu.748 b20211015	Trust: 0.8
vendor:	totolink	model:	t6	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	t6 4.1.5cu.748 b20211015	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-18187 // JVNDB: JVNDB-2025-011037 // NVD: CVE-2025-8170

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8170
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-011037
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-18187
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-8170
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-011037
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-18187
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8170
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-011037
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-18187 // JVNDB: JVNDB-2025-011037 // NVD: CVE-2025-8170

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-011037 // NVD: CVE-2025-8170

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8170	Trust: 3.2
db:	VULDB	id:	317584	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-011037	Trust: 0.8
db:	CNVD	id:	CNVD-2025-18187	Trust: 0.6

sources: CNVD: CNVD-2025-18187 // JVNDB: JVNDB-2025-011037 // NVD: CVE-2025-8170

REFERENCES

url:	https://vuldb.com/?id.317584	Trust: 2.4
url:	https://vuldb.com/?submit.620834	Trust: 2.4
url:	https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/9.md	Trust: 2.4
url:	https://github.com/anduinbrian/public/blob/main/totolink%20t6/vuln/9.md#poc	Trust: 2.4
url:	https://www.totolink.net/	Trust: 2.4
url:	https://vuldb.com/?ctiid.317584	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2025-8170	Trust: 0.8

sources: CNVD: CNVD-2025-18187 // JVNDB: JVNDB-2025-011037 // NVD: CVE-2025-8170

SOURCES

db:	CNVD	id:	CNVD-2025-18187
db:	JVNDB	id:	JVNDB-2025-011037
db:	NVD	id:	CVE-2025-8170

LAST UPDATE DATE

2025-08-15T05:32:31.933000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18187	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2025-011037	date:	2025-08-08T08:13:00
db:	NVD	id:	CVE-2025-8170	date:	2025-08-07T14:34:13.450

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18187	date:	2025-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2025-011037	date:	2025-08-08T00:00:00
db:	NVD	id:	CVE-2025-8170	date:	2025-07-25T21:15:28.080