Buffer Overflow Vulnerability in TOTOLINK T6 MQTT Service
CVE-2025-7913

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: TOTOLINK T6
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-7913?

A buffer overflow vulnerability has been identified in the function 'updateWifiInfo' of the MQTT Service utilized in the TOTOLINK T6 device. This flaw allows an attacker to manipulate the 'serverIp' argument, leading to potential exploitation. The vulnerability can be triggered remotely, posing a significant threat to users. It has been publicly disclosed, making it imperative for users to take immediate action to secure their devices against possible exploits.

References

https://github.com/AnduinBrian/Public/blob/main/Totolink%...

https://vuldb.com/?ctiid.317028

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025