Totolink

T10 Firmware

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-9533

Exploit
  • EPSS 0.15%
  • Veröffentlicht 27.08.2025 14:32:11
  • Zuletzt bearbeitet 03.09.2025 16:17:58

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be init...

9.8

CVE-2025-44655

  • EPSS 0.35%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 17:58:19

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for inter...

3.9

CVE-2025-6139

Exploit
  • EPSS 0.06%
  • Veröffentlicht 16.06.2025 21:00:17
  • Zuletzt bearbeitet 26.06.2025 16:27:37

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack c...

9

CVE-2025-6138

Exploit
  • EPSS 0.19%
  • Veröffentlicht 16.06.2025 20:31:09
  • Zuletzt bearbeitet 20.06.2025 14:34:32

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument s...

8.8

CVE-2025-6137

Exploit
  • EPSS 0.16%
  • Veröffentlicht 16.06.2025 20:00:16
  • Zuletzt bearbeitet 26.06.2025 16:33:18

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads t...

9

CVE-2025-5905

Exploit
  • EPSS 0.22%
  • Veröffentlicht 10.06.2025 00:00:18
  • Zuletzt bearbeitet 16.06.2025 14:21:25

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ...

9

CVE-2025-5904

Exploit
  • EPSS 0.22%
  • Veröffentlicht 10.06.2025 00:00:16
  • Zuletzt bearbeitet 16.06.2025 14:26:59

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the a...

9

CVE-2025-5903

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.06.2025 23:31:07
  • Zuletzt bearbeitet 16.06.2025 14:29:15

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads t...

9

CVE-2025-5902

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.06.2025 23:00:16
  • Zuletzt bearbeitet 16.06.2025 14:32:27

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads...

9

CVE-2025-5901

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.06.2025 22:31:07
  • Zuletzt bearbeitet 16.06.2025 14:36:39

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argumen...