Totolink T10 Firmware

By the Year

In 2026 there have been 0 vulnerabilities in Totolink T10 Firmware. Last year, in 2025, T10 Firmware had 9 security vulnerabilities published. Right now, T10 Firmware is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0               | 0.00          |
| 2025 | 9               | 8.37          |
| 2024 | 2               | 9.30          |

It may take a day or so for new T10 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink T10 Firmware Security Vulnerabilities

Stack Buffer Overrun via loginAuthUrl in TOTOLINK T10 4.1.8cu.5083_B20200521
CVE-2025-14964 9.8 - Critical - December 19, 2025

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Manipulation of the argument loginAuthUrl leads to a stack-based buffer overflow. The attack can be performed remotely.

Stack Overflow

setWizardCfg Buffer Overflow via ssid5g in TOTOLINK T10 4.1.8cu.5207
CVE-2025-6138 8.8 - High - June 16, 2025

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Hard-Coded Password in TOTOLINK T10 4.1.8cu.5207 (/etc/shadow)
CVE-2025-6139 3.9 - Low - June 16, 2025

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Credentials Management Errors

TOTOLINK T10 4.1.8cu.5207 Buffer Overflow via HTTP POST (setWiFiScheduleCfg)
CVE-2025-6137 8.8 - High - June 16, 2025

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

TOTOLINK T10 4.1.8cu.5207 Buffer Overflow in setWiFiRepeaterCfg
CVE-2025-5905 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

TOTOLINK T10 4.1.8cu.5207 Buffer Overflow in POST setWiFiMeshName (Critical)
CVE-2025-5904 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

TOTOLINK T10 4.1.8cu.5207 Buffer Overflow via POST setWiFiAclRules (Remote)
CVE-2025-5903 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Critical Buffer Overflow in TOTOLINK T10 4.1.8cu.5207 setUpgradeFW (slaveIpList)
CVE-2025-5902 8.8 - High - June 09, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

TOTOLINK T10 4.1.8cu.5207 Critical Buffer Overflow in UploadCustomModule
CVE-2025-5901 8.8 - High - June 09, 2025

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Totolink T10 4.1.8cu.5207: Remote OS Command Injection via setTracerouteCfg CGI
CVE-2024-9001 8.8 - High - September 19, 2024

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

TOTOLINK T10 AC1200 4.1.8cu.5207 Telnet Service Hard-coded Credentials
CVE-2024-8162 9.8 - Critical - August 26, 2024

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials
