Stack-Based Buffer Overflow in TOTOLINK T10 Network Device
CVE-2025-14964

9.3CRITICAL

Key Information:

Vendor: Totolink
Status: T10
Vendor: CVE Published:; 19 December 2025

What is CVE-2025-14964?

A security flaw exists in the TOTOLINK T10 version 4.1.8cu.5083_B20200521, where improper handling of the 'loginAuthUrl' parameter in the '/cgi-bin/cstecgi.cgi' script results in a stack-based buffer overflow. This vulnerability allows remote attackers to exploit the device, potentially leading to unauthorized access or service disruption. Users are advised to review the full details and apply necessary mitigations to secure their devices.

Affected Version(s)

T10 4.1.8cu.5083_B20200521

References

https://vuldb.com/?id.337599

vdb-entrytechnical-description

https://vuldb.com/?ctiid.337599

signaturepermissions-required

https://vuldb.com/?submit.717720

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

JackWesley (VulDB User)

CVE-2025-14964 Data

JSON

Totolink

What is CVE-2025-14964?

Affected Version(s)

References

CVSS V4

Timeline

Credit