We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-8170

TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow



Description

EN DE

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

In TOTOLINK T6 4.1.5cu.748_B20211015 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion tcpcheck_net der Datei /router/meshSlaveDlfw der Komponente MQTT Packet Handler. Durch die Manipulation des Arguments serverIp mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-07-25 | Published 2025-07-25 | Updated 2025-07-25 | Assigner VulDB


HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
HIGH: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.0AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Buffer Overflow

Memory Corruption

Product status

4.1.5cu.748_B20211015
affected

Timeline

2025-07-25:Advisory disclosed
2025-07-25:VulDB entry created
2025-07-25:VulDB entry last update

Credits

reisen_1943 (VulDB User) reporter

References

vuldb.com/?id.317584 (VDB-317584 | TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow) vdb-entry technical-description

vuldb.com/?ctiid.317584 (VDB-317584 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.620834 (Submit #620834 | TOTOLINK T6 V4.1.5cu.748_B20211015 Buffer Overflow) third-party-advisory

github.com/...inBrian/Public/blob/main/Totolink T6/Vuln/9.md related

github.com/...inBrian/Public/blob/main/Totolink T6/Vuln/9.md exploit

www.totolink.net/ product

cve.org (CVE-2025-8170)

nvd.nist.gov (CVE-2025-8170)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-8170

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.