Primary

Context

TOTOLINK T6 Missing Authentication Vulnerability in Form_Login Function

Vulnerability

A critical vulnerability exists in the TOTOLINK T6 router, specifically in version 4.1.5cu.748_B20211015. The issue arises in the Form_Login function of the file /formLoginAuth.htm, where the manipulation of the authCode and goURL parameters creates a missing authentication flaw. This vulnerability requires local network access to exploit.

Impact

Exploitation of this vulnerability allows for unauthorized access to the router's home page, bypassing authentication requirements.

Reproduction

To reproduce this vulnerability, access the router's login page and manipulate the authCode and goURL parameters. This can be done by sending a crafted request that includes the modified parameters, effectively bypassing the authentication process and gaining access to the home page.

Remediation

It is recommended to implement restrictive firewall rules to block unauthorized access to the router.

Added: Jun 30, 2025, 5:29 PM

Updated: Jun 30, 2025, 7:10 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK T6 Missing Authentication Vulnerability in Form_Login Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating