CNNVD-202507-1772 Information
Jul 13, 2025
cve
CNNVD ID
CNNVD-202507-1772
Related CVE
- CNNVD Published: 2025-07-13
Description (Chinese)
TOTOLINK T6是中国吉翁电子(TOTOLINK)公司的一款无线双频路由器。 TOTOLINK T6 4.1.5cu.748_B20211015版本存在注入漏洞,该漏洞源于文件/cgi-bin/cstecgi.cgi中函数setTracerouteCfg对参数command的错误操作导致命令注入。
Description (English)
TOTOLINK T6 is a wireless dual-frequency router of the Chinese company TOTOLINK. TOTOLINK T6 4.1.5cu.748 B20211015 has an injection loophole which results from the error of the setTracerouteCfg function in document/cgi-bin/cstecgi.cgi to the parameter command.
Hazard Level
High
Vulnerability Type
注入
Affected Vendor
头歌
Published
2025-07-13
Last Modified
2026-02-24
References
https://vuldb.com/?submit.612936 https://www.totolink.net/ https://vuldb.com/?id.316222 https://github.com/ElvisBlue/Public/blob/main/Vuln/3.md#poc https://vuldb.com/?ctiid.316222 https://youtu.be/GawLaYfTwYs https://access.redhat.com/security/cve/cve-2025-7525
Share on: