ElvisBlue

7 exploits Active since Jul 2025
CVE-2025-7460 WRITEUP HIGH WORKING POC
TOTOLINK T6 4.1.5cu.748_B20211015 - Buffer Overflow
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7524 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748_B20211015 - Command Injection
A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7525 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748_B20211015 - Command Injection
A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7613 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748 - Command Injection
A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7614 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748 - Command Injection
A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7615 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748 - Command Injection
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7952 WRITEUP MEDIUM WORKING POC
TOTOLINK T6 4.1.5cu.748 - Command Injection
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3