{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5901", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-09T07:58:37.592Z", "datePublished": "2025-06-09T22:31:07.562Z", "dateUpdated": "2025-06-10T15:28:26.501Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-09T22:31:07.562Z"}, "title": "TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "TOTOLINK", "product": "T10", "versions": [{"version": "4.1.8cu.5207", "status": "affected"}], "modules": ["POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In TOTOLINK T10 4.1.8cu.5207 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi der Komponente POST Request Handler. Dank der Manipulation des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-09T10:03:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yangshuangning (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.311674", "name": "VDB-311674 | TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.311674", "name": "VDB-311674 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.592243", "name": "Submit #592243 | TOTOLINK T10 V2_Firmware V2_V4.1.8cu.5207 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T14:20:31.484366Z", "id": "CVE-2025-5901", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T15:28:26.501Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5901", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-10T14:20:31.484366Z"}}}], "references": [{"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T14:20:33.991Z"}}], "cna": {"title": "TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Yangshuangning (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "TOTOLINK", "modules": ["POST Request Handler"], "product": "T10", "versions": [{"status": "affected", "version": "4.1.8cu.5207"}]}], "timeline": [{"lang": "en", "time": "2025-06-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-09T10:03:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.311674", "name": "VDB-311674 | TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.311674", "name": "VDB-311674 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.592243", "name": "Submit #592243 | TOTOLINK T10 V2_Firmware V2_V4.1.8cu.5207 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In TOTOLINK T10 4.1.8cu.5207 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi der Komponente POST Request Handler. Dank der Manipulation des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-09T22:31:07.562Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5901", "state": "PUBLISHED", "dateUpdated": "2025-06-10T15:28:26.501Z", "dateReserved": "2025-06-09T07:58:37.592Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-09T22:31:07.562Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en TOTOLINK T10 4.1.8cu.5207, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n UploadCustomModule del archivo /cgi-bin/cstecgi.cgi del componente POST Request Handler. La manipulaci\u00f3n del argumento \"File\" provoca un desbordamiento del b\u00fafer. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-5901", "lastModified": "2025-06-12T16:06:39.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-09T23:15:22.433", "references": [{"source": "cna@vuldb.com", "url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.311674"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.311674"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.592243"}, {"source": "cna@vuldb.com", "url": "https://www.totolink.net/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://candle-throne-f75.notion.site/TOTOLINK-T10-UploadCustomModule-20bdf0aa118580d59961cd545582c118"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}