CVE-2025-14964

CriticalPublic PoC

Published: 19 December 2025

Published

19 December 2025

Modified

30 December 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0047 64.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely remediation of identified flaws, directly addressing the stack buffer overflow by patching the vulnerable sprintf usage in cstecgi.cgi.

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs, preventing the manipulation of the loginAuthUrl argument that triggers the buffer overflow.

SI-16 Memory Protection good match

prevent

SI-16 implements memory protections such as stack canaries and ASLR, mitigating exploitation of the stack-based buffer overflow even if invalid input reaches the sprintf function.

Security SummaryAI

CVE-2025-14964 is a stack-based buffer overflow vulnerability affecting the TOTOLINK T10 router on firmware version 4.1.8cu.5083_B20200521. The flaw occurs in the sprintf function within the /cgi-bin/cstecgi.cgi file, triggered by manipulation of the loginAuthUrl argument. It is classified under CWE-119 and CWE-121, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

The vulnerability enables remote exploitation without requiring authentication, privileges, or user interaction. An attacker with network access can send crafted requests to overflow the stack, potentially achieving arbitrary code execution and full compromise of the device, including high impacts on confidentiality, integrity, and availability.

Advisories and details are documented in references such as the GitHub proof-of-concept at https://github.com/JackWesleyy/CVE/blob/main/TOTOLINK_T10_BOC.md and VulDB entries at https://vuldb.com/?ctiid.337599, https://vuldb.com/?id.337599, and https://vuldb.com/?submit.717720. Practitioners should check the vendor site at https://www.totolink.net/ for mitigation guidance or firmware patches.

Details

CWE(s): CWE-119 CWE-121

Affected Products

totolink

t10 firmware

4.1.8cu.5803_b20200521

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a remote, unauthenticated stack-based buffer overflow in the router's public-facing web CGI interface (/cgi-bin/cstecgi.cgi), enabling arbitrary code execution and full device compromise, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/JackWesleyy/CVE/blob/main/TOTOLINK_T10_BOC.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.337599
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.337599
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.717720
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.totolink.net/
Product · cna@vuldb.com