Описание
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-7912
- https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/6.md
- https://github.com/AnduinBrian/Public/blob/main/Totolink%20T6/Vuln/6.md#poc
- https://vuldb.com/?ctiid.317027
- https://vuldb.com/?id.317027
- https://vuldb.com/?submit.618655
- https://www.totolink.net
Связанные уязвимости
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Уязвимость функции recvSlaveUpgstatus() службы MQTT микропрограммного обеспечения mesh-системы TOTOLink T6, позволяющая нарушителю выполнить произвольный код