TOTOLINK T6
cpe:2.3:h:totolink:t6:*:*:*:*:*:*:*
- 4.1.5cu.748_B20211015
A critical buffer overflow vulnerability has been identified in the TOTOLINK T6 router, specifically in version 4.1.5cu.748_B20211015. The issue arises in the MQTT service's 'recvSlaveStaInfo' function, where the 'dest' argument can be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, with a public exploit available.
Successful exploitation overflows the buffer, which can be used to control the saved return address and potentially execute arbitrary code.
The vulnerability can be reproduced by sending a crafted MQTT message that reaches the 'recvSlaveStaInfo' function and manipulates the 'dest' buffer, which is only 4 bytes long. The input is copied with 'strcpy' without any length validation, which creates the buffer overflow condition and allows control over the return address.
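The firmware source is not shown on this page, so the following is an added C example and not TOTOLINK's code: it contrasts the unchecked 'strcpy' pattern described above with a length-checked copy into a 4-byte destination. The function names and the payload/length interface are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DEST_SIZE 4  /* the page states the 'dest' buffer is 4 bytes long */

/* Unsafe pattern described on the page: strcpy() copies until it finds a
 * NUL byte, regardless of how small 'dest' is. Shown for contrast only;
 * never call it with untrusted input. (Hypothetical function name.) */
void copy_unchecked(char dest[DEST_SIZE], const char *value)
{
    strcpy(dest, value);
}

/* Hardened form (hypothetical helper): the caller passes the destination
 * capacity and the number of payload bytes actually received.
 * Returns 0 on success, -1 if the value is unterminated within the payload
 * or does not fit in dest together with its terminating NUL.
 * Nothing is written to dest on failure. */
int copy_checked(char *dest, size_t dest_size,
                 const unsigned char *payload, size_t payload_len)
{
    if (dest == NULL || dest_size == 0 || payload == NULL)
        return -1;

    /* Look for the terminator only inside the bytes that were received. */
    const unsigned char *nul = memchr(payload, '\0', payload_len);
    if (nul == NULL)
        return -1;                 /* unterminated value: reject */

    size_t value_len = (size_t)(nul - payload);
    if (value_len >= dest_size)
        return -1;                 /* would overflow: reject, do not truncate */

    memcpy(dest, payload, value_len + 1);  /* copy value plus its NUL */
    return 0;
}
```

Rejecting an oversized value instead of truncating it keeps the handler from acting on partial data and gives a clear point at which to log the malformed message.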