CNNVD-202507-1891 Information

Jul 14, 2025 cve

CNNVD ID

CNNVD-202507-1891

CVE-2025-7615

CNNVD Published: 2025-07-14

Description (Chinese)

TOTOLINK T6是中国吉翁电子（TOTOLINK）公司的一款无线双频路由器。 TOTOLINK T6 4.1.5cu.748版本存在注入漏洞，该漏洞源于组件HTTP POST Request Handler中文件/cgi-bin/cstecgi.cgi的函数clearPairCfg对参数ip的错误操作导致命令注入。

Description (English)

TOTOLINK T6 is a wireless dual-frequency router of the Chinese company TOTOLINK. There is an injection loophole in TOTOLINK T6 4.1.5cu.748, which results from the error of the clearPairCfg function of document/cgi-bin/cstecgi.cgi in component HTTP POST Request Handler, resulting in the command injection of parameter ip.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

头歌

Published

2025-07-14

Last Modified

2026-02-24

References

https://www.totolink.net/ https://github.com/ElvisBlue/Public/blob/main/Vuln/6.md#poc https://vuldb.com/?ctiid.316315 https://vuldb.com/?id.316315 https://vuldb.com/?submit.615369 https://access.redhat.com/security/cve/cve-2025-7615

Share on: