PUBLISHED DATE: July 14, 2025CVE-2025-7614:
Command Injection Vulnerability

Description

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Products

• TOTOLINK T6 Firmware V4.1.5cu.748 B20211015

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2025-7614, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2025-7614 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://capec.mitre.org/data/definitions/10.html
• https://capec.mitre.org/data/definitions/101.html
• https://capec.mitre.org/data/definitions/105.html
• https://capec.mitre.org/data/definitions/108.html
• https://capec.mitre.org/data/definitions/120.html
• https://capec.mitre.org/data/definitions/13.html
• https://capec.mitre.org/data/definitions/135.html
• https://capec.mitre.org/data/definitions/14.html
• https://capec.mitre.org/data/definitions/24.html
• https://capec.mitre.org/data/definitions/250.html
• https://capec.mitre.org/data/definitions/267.html
• https://capec.mitre.org/data/definitions/273.html
• https://capec.mitre.org/data/definitions/28.html
• https://capec.mitre.org/data/definitions/3.html
• https://capec.mitre.org/data/definitions/34.html
• https://capec.mitre.org/data/definitions/42.html
• https://capec.mitre.org/data/definitions/43.html
• https://capec.mitre.org/data/definitions/45.html
• https://capec.mitre.org/data/definitions/46.html
• https://capec.mitre.org/data/definitions/47.html
• https://capec.mitre.org/data/definitions/51.html
• https://capec.mitre.org/data/definitions/52.html
• https://capec.mitre.org/data/definitions/53.html
• https://capec.mitre.org/data/definitions/6.html
• https://capec.mitre.org/data/definitions/64.html
• https://capec.mitre.org/data/definitions/67.html
• https://capec.mitre.org/data/definitions/7.html
• https://capec.mitre.org/data/definitions/71.html
• https://capec.mitre.org/data/definitions/72.html
• https://capec.mitre.org/data/definitions/76.html
• https://capec.mitre.org/data/definitions/78.html
• https://capec.mitre.org/data/definitions/79.html
• https://capec.mitre.org/data/definitions/8.html
• https://capec.mitre.org/data/definitions/80.html
• https://capec.mitre.org/data/definitions/83.html
• https://capec.mitre.org/data/definitions/84.html
• https://capec.mitre.org/data/definitions/9.html
• https://nvd.nist.gov/vuln/detail/CVE-2025-7614