CNNVD-202507-1889 Information

Jul 14, 2025 cve

CNNVD ID

CNNVD-202507-1889

CVE-2025-7614

CNNVD Published: 2025-07-14

Description (Chinese)

TOTOLINK T6是中国吉翁电子（TOTOLINK）公司的一款无线双频路由器。 TOTOLINK T6 4.1.5cu.748版本存在注入漏洞，该漏洞源于组件HTTP POST Request Handler中文件/cgi-bin/cstecgi.cgi的函数delDevice对参数ipAddr的错误操作导致命令注入。

Description (English)

TOTOLINK T6 is a wireless dual-frequency router of the Chinese company TOTOLINK. The TOTOLINK T6 4.1.5cu.748 version has an injection loophole, which stems from the error of the delDevice function of document/cgi-bin/cstecgi.cgi in component HTTP POST Request Handler, resulting in the command injection of ipAddr.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

头歌

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/ElvisBlue/Public/blob/main/Vuln/5.md#poc https://www.totolink.net/ https://vuldb.com/?ctiid.316314 https://vuldb.com/?submit.615368 https://vuldb.com/?id.316314 https://access.redhat.com/security/cve/cve-2025-7614

Share on: