Missing Authentication Flaw in TOTOLINK T6 Telnet Service
CVE-2025-7862

6.9MEDIUM

Key Information:

Vendor

Totolink
Status
T6
Vendor
CVE Published:
20 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7862?

The TOTOLINK T6 router's Telnet Service contains a significant vulnerability due to a missing authentication mechanism in the setTelnetCfg function located at /cgi-bin/cstecgi.cgi. By manipulating the telnet_enabled parameter with an input of '1', unauthorized users can gain access to administrative features. This vulnerability can be exploited remotely, making it particularly concerning for network security. With the exploit made public, users of the TOTOLINK T6 firmware version 4.1.5cu.748_B20211015 are urged to take immediate precautions to secure their devices.

Affected Version(s)

T6 4.1.5cu.748_B20211015

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7862 - Proof of Concept

References

https://vuldb.com/?id.316975
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316975
signaturepermissions-required
https://vuldb.com/?submit.617643
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

reisen_1943 (VulDB User)
.
CVE-2025-7862 : Missing Authentication Flaw in TOTOLINK T6 Telnet Service