- Description
- A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-77
- Hype score
- Not currently trending
🚨 Critical vulnerabilities in TOTOLINK X18! 🚨 CVE-2025-1339: OS command injection https://t.co/mXTBnu2wAY CVE-2025-1340: Stack-based buffer overflow in setPasswordCfg - https://t.co/jtaWZ7CQ7V Both can be exploited remotely. Vendor unresponsive. #CyberSecurity #Infosec https:
@BaseFortify
17 Feb 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
2 Replies
0 Quotes
CVE-2025-1339 A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cst… https://t.co/3CgLBsDS6Q
@CVEnew
16 Feb 2025
643 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes