CVE-2025-5902 – TOTOLINK T10 Buffer Overflow in POST Request Handler

June 9, 2025

CVE ID : CVE-2025-5902

Published : June 9, 2025, 11:15 p.m. | 2 hours, 23 minutes ago

Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5901 – TOTOLINK T10 Buffer Overflow in POST Request Handler

Next Article CVE-2025-30184 – CyberData Intercom Unauthenticated Web Interface Access

Highlights

CVE-2025-24331 – Nokia Single RAN Root Privilege Escalation Vulnerability

July 2, 2025

CVE ID : CVE-2025-24331

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.

Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

Understanding the code modernization conundrum

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

This handy NordVPN tool flags scam calls on Android – even before you answer

Route Optimization through Laravel’s Shallow Resource Architecture

Route Optimization through Laravel’s Shallow Resource Architecture

This Week in Laravel: Laracon News, Free Laravel Idea, and Claude Code Course

Everything We Know About Pest 4

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

Windows 11’s MSN Widgets board now opens in default browser, such as Chrome (EU only)

Microsoft’s new “move to Windows 11” campaign implies buying OneDrive paid plan

CVE-2025-5902 – TOTOLINK T10 Buffer Overflow in POST Request Handler

The hidden risks of browser extensions – and how to stay safe

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

How to Become a Node.js Backend Developer

SysAid ITSM Platform Vulnerabilities Allows Pre-authenticated Remote Command Execution

Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach

CVE-2025-24331 – Nokia Single RAN Root Privilege Escalation Vulnerability

Create React UI component with uncontrollable

Cisco waarschuwt voor kritiek Erlang/OTP SSH-lek in eigen producten

I hope this PowerToys redesign becomes a reality — it’s too easy to get lost in the app

CVE-2025-5902 – TOTOLINK T10 Buffer Overflow in POST Request Handler

Related Posts