| Title | TOTOLINK T6 V4.1.5cu.748_B20211015 Command Injection |
|---|
| Description | TOTOLINK Mesh Wifi T6 router has a command injection bypass vulnerability. This vulnerability can be triggered through the topicurl `setTracerouteCfg`. An attacker can implement a RCE attack by sending a malicious HTTP POST request.
|
|---|
| Source | ⚠️ https://github.com/ElvisBlue/Public/blob/main/Vuln/3.md |
|---|
| User | ElvisBlue (UID 87432) |
|---|
| Submission | 07/09/2025 16:34 (11 months ago) |
|---|
| Moderation | 07/12/2025 08:54 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316222 [TOTOLINK T6 4.1.5cu.748_B20211015 HTTP POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection] |
|---|
| Points | 16 |
|---|