| Title | TOTOLINK T6 V4.1.5cu.748 Command Injection |
|---|
| Description | TOTOLINK Mesh Wifi T6 router has a command injection vulnerability. This vulnerability can be triggered through the topicurl `clearPairCfg`. An attacker can implement a RCE attack by sending a malicious HTTP POST request.
|
|---|
| Source | ⚠️ https://github.com/ElvisBlue/Public/blob/main/Vuln/6.md |
|---|
| User | ElvisBlue (UID 87432) |
|---|
| Submission | 07/13/2025 18:51 (11 months ago) |
|---|
| Moderation | 07/13/2025 22:59 (4 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316315 [TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi clearPairCfg ip command injection] |
|---|
| Points | 16 |
|---|