CVE-2025-6916 · HIGH 8.8 · EPSS p50.0%


Description

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.75% probability of exploitation · percentile 50.0% · 2026-06-19T12:03:05Z
Published: 2025-06-30
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-287, CWE-306

References

  1. https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20T6%20Vuln.md
  2. https://vuldb.com/?ctiid.314409
  3. https://vuldb.com/?id.314409
  4. https://vuldb.com/?submit.605101
  5. https://www.totolink.net/

Type      Target                                                  Confidence  Tier
Weakness  Improper Authentication (cwe-287)                       0%          live
Weakness  Missing Authentication for Critical Function (cwe-306)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE:

  1. CVE-2025-9533
  2. CVE-2025-7862
  3. CVE-2025-7524
  4. CVE-2025-6402
  5. CVE-2025-6399
  6. CVE-2025-51452

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.