CVE-2025-7613: Command Injection in TOTOLINK T6

Severity: Medium
Tags: Vulnerability, CVE-2025-7613
Published: Mon Jul 14 2025 (07/14/2025, 14:44:08 UTC)
Source: CVE Database V5
Vendor/Project: TOTOLINK
Product: T6

Description

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/14/2025, 15:16:10 UTC

Technical Analysis

CVE-2025-7613 is a command injection vulnerability in the TOTOLINK T6 router firmware, version 4.1.5cu.748. The flaw is in the CloudSrvVersionCheck function of /cgi-bin/cstecgi.cgi, the router's HTTP POST request handler: the value of the 'ip' argument is incorporated into a command that the device executes, so a requester who controls that value can append shell metacharacters and run arbitrary commands on the router. No user interaction is needed. The CVSS 4.0 base score is 5.3 (medium): the attack is network-reachable with low attack complexity, but the published vector requires low privileges (PR:L), i.e. an authenticated session on the management interface, and rates the confidentiality, integrity and availability impact as low. That privilege requirement is why the score is medium even though the CVE description rates the issue critical and notes that the attack may be initiated remotely; it offers little protection if the management interface is exposed to the internet or still uses default credentials. The low per-metric ratings should not be read as "no real impact": command execution on the network gateway can be leveraged to intercept traffic, pivot into the internal network, or disrupt connectivity. Exploit details have been disclosed publicly, although no in-the-wild exploitation was known at the time of analysis, and no patch link is listed, so a fix may not yet be available and mitigation is required. TOTOLINK T6 routers are commonly used in home and small office environments, where the management interface is often less tightly controlled.

Potential Impact

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on TOTOLINK T6 routers, this vulnerability poses a risk of remote command execution on the network gateway. Exploitation could lead to network compromise, interception of traffic passing through the router, or loss of internet connectivity. Because the router sits between the internal network and the internet, an attacker who controls it is positioned to attack internal systems or exfiltrate data. Large enterprises are less likely to be directly affected, since they typically deploy other network equipment, but SMEs and remote workers using this device are at higher risk, and a compromised home router can serve as a foothold into a remote worker's corporate session. Smaller service providers or infrastructure operators that deploy these routers at less protected sites could face operational disruption. The medium severity rating reflects the privilege requirement and low per-metric impact, not the consequences of a compromised gateway: persistent access and lateral movement raise the overall threat level beyond what the score alone suggests.

Mitigation Recommendations

1. Isolate affected TOTOLINK T6 devices from critical network segments to limit lateral movement if a device is compromised.
2. Monitor network traffic for POST requests to /cgi-bin/cstecgi.cgi whose 'ip' parameter is not a plain IPv4 address, in particular values containing shell metacharacters (;, |, &, $, backticks, parentheses) or percent-encoded forms of them.
3. Restrict access to the router's management interface with network-level filtering or firewall rules, ideally limiting it to trusted IP addresses, and disable remote (WAN-side) management entirely where it is not required.
4. Change default administrative credentials; the published CVSS vector requires low privileges, so credential hygiene directly raises the bar for exploitation.
5. Audit and update router firmware regularly; no patch is currently linked, so monitor TOTOLINK's official channels for a release addressing this vulnerability.
6. Use network segmentation and intrusion detection to detect and block exploitation attempts against the management interface.
7. Educate users about the risk of running outdated router firmware and encourage replacement of devices that no longer receive security updates.
8. Consider endpoint security or network monitoring that can detect anomalous behaviour originating from the router, such as unexpected outbound connections from the gateway itself.
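The following is an added detection example, not code from the original page or from TOTOLINK. It implements mitigation step 2 above: scan HTTP requests for POSTs to /cgi-bin/cstecgi.cgi and flag any 'ip' argument that is not a strict IPv4 address, distinguishing values that carry shell metacharacters (likely injection attempts) from values that are merely malformed. The request records and their bodies are constructed for the example; the page does not specify how a request selects the CloudSrvVersionCheck function, so the detector keys only on the path and the 'ip' argument, and support for JSON-encoded bodies is an assumption added for coverage.

```python
"""Flag POST requests to /cgi-bin/cstecgi.cgi whose 'ip' argument is not a
plain IPv4 address. Added example; the request records below are constructed
(not captured from a real device) so the script runs offline."""
import ipaddress
import json
import re
from urllib.parse import parse_qs

TARGET_PATH = "/cgi-bin/cstecgi.cgi"

# Characters that are significant to a POSIX shell. Any of these in an 'ip'
# argument is a strong indicator of an injection attempt; a legitimate value
# can never contain them.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\'\"]")


def is_strict_ipv4(value: str) -> bool:
    """Allowlist check: accept only a dotted-quad IPv4 address, nothing else."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:  # AddressValueError is a subclass of ValueError
        return False
    return True


def classify_ip_arg(value: str) -> str:
    """'ok' for a valid IPv4 address, 'injection' if shell metacharacters are
    present, 'malformed' for anything else (e.g. IPv6, hostnames, junk)."""
    if is_strict_ipv4(value):
        return "ok"
    if SHELL_META.search(value):
        return "injection"
    return "malformed"


def extract_ip_args(body: str) -> list:
    """Return every 'ip' value in a request body. Form-encoded bodies are
    URL-decoded by parse_qs, so percent-encoded metacharacters (%3B for ';')
    are seen in their decoded form. JSON bodies are an assumption: the page
    only states that the handler processes HTTP POST requests."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if isinstance(data, dict):
        value = data.get("ip")
        return [value] if isinstance(value, str) else []
    return parse_qs(body).get("ip", [])


def scan_requests(requests: list) -> list:
    """Return (source, ip_value, verdict) for every suspicious 'ip' argument.
    Only POSTs are inspected because the CVE description names the HTTP POST
    request handler; the query string is stripped before comparing the path."""
    findings = []
    for req in requests:
        if req["method"] != "POST":
            continue
        if req["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        for value in extract_ip_args(req["body"]):
            verdict = classify_ip_arg(value)
            if verdict != "ok":
                findings.append((req["src"], value, verdict))
    return findings


# Constructed sample traffic: one benign request, two injection attempts
# (form-encoded and JSON), one GET that is out of scope, one IPv6 value.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "POST", "path": TARGET_PATH,
     "body": "ip=192.168.0.1"},
    {"src": "203.0.113.7", "method": "POST", "path": TARGET_PATH,
     "body": "ip=127.0.0.1%3Bid"},
    {"src": "203.0.113.9", "method": "POST", "path": TARGET_PATH,
     "body": '{"ip": "$(id)"}'},
    {"src": "10.0.0.6", "method": "GET", "path": TARGET_PATH + "?ip=x;id",
     "body": ""},
    {"src": "10.0.0.7", "method": "POST", "path": TARGET_PATH,
     "body": "ip=2001:db8::1"},
]

if __name__ == "__main__":
    for src, value, verdict in scan_requests(SAMPLE_REQUESTS):
        print(f"{verdict:9s} from {src}: ip={value!r}")
```

The allowlist approach is deliberate: matching only known-bad characters would miss encodings or metacharacters you did not think of, whereas rejecting everything that is not a dotted-quad IPv4 address needs no knowledge of the attacker's payload. The same `is_strict_ipv4` check is what the CGI handler itself should apply before the value reaches any command. Feed the scanner from your proxy or IDS logs in place of SAMPLE_REQUESTS; the record shape (src, method, path, body) is an assumption of this example.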

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-13T20:59:20.389Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68751bafa83201eaacc7aa8e

Added to database: 7/14/2025, 3:01:03 PM

Last enriched: 7/14/2025, 3:16:10 PM

Last updated: 7/15/2025, 8:32:35 PM
