ET EXPLOIT Totolink MQTT ckeckKeepAlive ipAddr Parameter Command Injection Attempt (CVE-2025-7952)

SID: 2063673Rev: 19 views

Sourceet/open

CreatedJuly 22, 2025

UpdatedJuly 22, 2025

Classificationweb-application-attack

alert tcp any any -> $HOME_NET 1883 (msg:"ET EXPLOIT Totolink MQTT ckeckKeepAlive ipAddr Parameter Command Injection Attempt (CVE-2025-7952)"; flow:established,to_server; content:"totolink/router/ckeckKeepAlive|0a|"; depth:38; fast_pattern; content:"|22|ipAddr|22 3a 22|"; pcre:"/^.*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,github.com/ElvisBlue/Public/blob/main/Vuln/7.md; reference:cve,2025-7952; classtype:web-application-attack; sid:2063673; rev:1; metadata:affected_product TOTOLINK, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_07_22, cve CVE_2025_7952, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_22, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	github.com/ElvisBlue/Public/blob/main/Vuln/7.md
cve	2025-7952

Metadata

affected productTOTOLINK

attack targetNetworking_Equipment

tls stateplaintext

created at2025_07_22

cveCVE-2025-7952

deploymentInternal

performance impactLow

confidenceHigh

signature severityMajor

tagExploit

updated at2025_07_22

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!