Stack-Based Buffer Overflow in TOTOLINK T10 Network Device
CVE-2025-14964

9.3CRITICAL

Key Information:

Vendor

Totolink
Status
T10
Vendor
CVE Published:
19 December 2025

What is CVE-2025-14964?

A security flaw exists in the TOTOLINK T10 version 4.1.8cu.5083_B20200521, where improper handling of the 'loginAuthUrl' parameter in the '/cgi-bin/cstecgi.cgi' script results in a stack-based buffer overflow. This vulnerability allows remote attackers to exploit the device, potentially leading to unauthorized access or service disruption. Users are advised to review the full details and apply necessary mitigations to secure their devices.

Affected Version(s)

T10 4.1.8cu.5083_B20200521

References

https://vuldb.com/?id.337599
vdb-entrytechnical-description
https://vuldb.com/?ctiid.337599
signaturepermissions-required
https://vuldb.com/?submit.717720
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JackWesley (VulDB User)
JSON
.