CVE-2025-7525 | TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection.

This vulnerability was named CVE-2025-7525. The attack can be initiated remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More