CVE-2025-7614 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi delDevice ipAddr command injection

July 13, 2025 Yanac

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection.

This vulnerability is traded as CVE-2025-7614. It is possible to launch the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More