TOTOLINK T6 Buffer Overflow Vulnerability in MQTT Service

Vulnerability

A critical buffer overflow vulnerability has been identified in the TOTOLINK T6 router, specifically in version 4.1.5cu.748_B20211015. The issue is in the MQTT service's 'recvSlaveUpgstatus' function, where manipulated input can overflow the 's' buffer. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Successful exploitation overflows the buffer, which can be used to control the saved return address and potentially execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a crafted MQTT message to the router's open MQTT service on port 1883. The message should be designed to overflow the 's' buffer in the 'recvSlaveUpgstatus' function, taking advantage of the lack of input length validation.
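
The length validation described as missing above, sketched as an added example (not TOTOLINK's code and not taken from the advisory): it parses one MQTT 3.1.1 PUBLISH packet and copies the payload into a fixed buffer only when every length field is consistent and the payload fits. The buffer size, the function names and the assumption that the payload is the field copied into 's' are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define S_BUF_SIZE 256  /* assumed size; the page does not state the real one */

/* Decode the MQTT "remaining length" field (1-4 bytes, 7 bits each).
 * Returns the number of bytes consumed, or 0 if truncated or malformed. */
static size_t decode_remaining_length(const uint8_t *p, size_t n, uint32_t *out)
{
    uint32_t value = 0;
    for (size_t i = 0; i < 4 && i < n; i++) {
        value |= (uint32_t)(p[i] & 0x7F) << (7 * i);
        if ((p[i] & 0x80) == 0) { *out = value; return i + 1; }
    }
    return 0;
}

/* Hypothetical hardened handler: returns the payload length, or -1 if the
 * packet is not a well-formed PUBLISH or the payload does not fit in dst. */
int copy_publish_payload(const uint8_t *pkt, size_t len, char *dst, size_t dst_size)
{
    uint32_t remaining;
    if (len < 2 || (pkt[0] >> 4) != 3)        /* packet type 3 = PUBLISH */
        return -1;
    size_t used = decode_remaining_length(pkt + 1, len - 1, &remaining);
    if (used == 0 || remaining != len - 1 - used)
        return -1;                            /* header disagrees with bytes received */
    const uint8_t *body = pkt + 1 + used;
    if (remaining < 2)
        return -1;                            /* no room for the topic length field */
    size_t offset = 2 + (((size_t)body[0] << 8) | body[1]);
    if ((pkt[0] >> 1) & 0x03)                 /* QoS 1/2 adds a 2-byte packet id */
        offset += 2;
    if (offset > remaining)
        return -1;                            /* topic runs past the packet */
    size_t payload_len = remaining - offset;
    if (payload_len >= dst_size)              /* keep one byte for the terminator */
        return -1;
    memcpy(dst, body + offset, payload_len);
    dst[payload_len] = '\0';
    return (int)payload_len;
}

int main(void)
{
    /* Constructed sample: PUBLISH, topic "a/b", payload "ok". */
    const uint8_t pkt[] = {0x30, 0x07, 0x00, 0x03, 'a', '/', 'b', 'o', 'k'};
    char s[S_BUF_SIZE];
    return copy_publish_payload(pkt, sizeof pkt, s, sizeof s) == 2 ? 0 : 1;
}
```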

Added: Jul 20, 2025, 11:17 PM
Updated: Jul 20, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.