
CVE-2025-7913: Buffer Overflow in TOTOLINK T6

Severity: High
Published: Sun Jul 20 2025 (07/20/2025, 23:32:09 UTC)
Source: CVE Database V5
Vendor/Project: TOTOLINK
Product: T6

Description

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/21/2025, 00:01:06 UTC

Technical Analysis

CVE-2025-7913 is a critical buffer overflow vulnerability identified in the TOTOLINK T6 router, specifically in version 4.1.5cu.748_B20211015. The flaw exists within the MQTT Service component's updateWifiInfo function, where improper handling of the serverIp argument allows an attacker to overflow a buffer. This vulnerability can be exploited remotely without requiring user interaction or elevated privileges, making it highly accessible to attackers. The buffer overflow could lead to arbitrary code execution, potentially allowing an attacker to take full control of the affected device, disrupt network operations, or pivot to other internal systems. The vulnerability has a CVSS 4.0 base score of 8.7, indicating a high severity level, with network attack vector, low attack complexity, no privileges or user interaction needed, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be actively used in the wild, the exploit details have been disclosed publicly, increasing the risk of exploitation. The lack of available patches at the time of disclosure further elevates the threat level for users of this specific TOTOLINK T6 firmware version.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on TOTOLINK T6 routers in their network infrastructure. Successful exploitation could lead to unauthorized access to internal networks, data exfiltration, disruption of network services, and potential lateral movement within corporate environments. Given the critical nature of the flaw and the remote exploitability without authentication, attackers could leverage this vulnerability to compromise sensitive information or disrupt business operations. Organizations in sectors such as telecommunications, critical infrastructure, and enterprises with remote or branch offices using these routers are particularly vulnerable. The impact extends to both confidentiality and availability, potentially causing data breaches and denial of service conditions. The public disclosure of the exploit details increases the urgency for European organizations to assess their exposure and implement mitigations promptly.

Mitigation Recommendations

1. Immediate identification and inventory of all TOTOLINK T6 devices running firmware version 4.1.5cu.748_B20211015 within the network.
2. Monitor TOTOLINK's official channels for firmware updates or patches addressing CVE-2025-7913 and apply them as soon as they become available.
3. In the absence of patches, consider isolating affected devices from critical network segments or restricting MQTT service access via network segmentation and firewall rules to limit exposure.
4. Employ network intrusion detection systems (NIDS) with signatures or anomaly detection capabilities targeting MQTT traffic anomalies that could indicate exploitation attempts.
5. Disable or restrict MQTT service on the router if it is not required for operational purposes.
6. Implement strict access controls and monitoring on network devices to detect unauthorized configuration changes or suspicious activities.
7. Educate IT and security teams about this vulnerability and ensure incident response plans include steps for addressing exploitation attempts related to this flaw.
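For recommendation 4, one anomaly check a monitoring pipeline could run on captured MQTT payloads, shown as an added example that is not from this advisory or from TOTOLINK. It assumes the payload is JSON with a top-level `serverIp` key carrying an IP literal (the on-wire format is not given on this page); `check_server_ip`, `triage_payloads` and the sample payloads are constructed for illustration.

```python
import ipaddress
import json

# Longest textual IPv6 address (IPv4-mapped form) is 45 characters.
MAX_IP_TEXT_LEN = 45


def check_server_ip(value):
    """Return None if value is a plausible IP literal, else a reason string."""
    if not isinstance(value, str):
        return "serverIp is not a string"
    if len(value) > MAX_IP_TEXT_LEN:
        return f"serverIp length {len(value)} exceeds {MAX_IP_TEXT_LEN}"
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return "serverIp is not a valid IPv4/IPv6 literal"
    return None


def triage_payloads(payloads):
    """Return (index, reason) for each payload whose serverIp looks anomalous."""
    findings = []
    for i, raw in enumerate(payloads):
        try:
            msg = json.loads(raw)
        except ValueError:
            continue  # assumption: messages of interest are JSON; skip others
        if not isinstance(msg, dict) or "serverIp" not in msg:
            continue  # message does not carry the argument named in the CVE
        reason = check_server_ip(msg["serverIp"])
        if reason:
            findings.append((i, reason))
    return findings


# Constructed sample payloads (not captured from a real device).
SAMPLES = [
    b'{"serverIp": "192.168.0.10", "ssid": "office"}',
    b'{"serverIp": "' + b"x" * 300 + b'"}',
    b'{"serverIp": "router.example.invalid"}',
    b'{"ssid": "guest"}',
    b'{"serverIp": 12345}',
    b"not-json",
]

if __name__ == "__main__":
    for idx, why in triage_payloads(SAMPLES):
        print(f"payload {idx}: {why}")
```

The check does not depend on the size of the vulnerable buffer, which this page does not state; it flags any value that could not be a legitimate IP address.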


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-19T19:15:32.534Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687d7fbea83201eaac054889

Added to database: 7/20/2025, 11:46:06 PM

Last enriched: 7/21/2025, 12:01:06 AM

Last updated: 7/21/2025, 9:43:54 AM
