CVE-2025-2095
published 2025-03-07CVE-2025-2095: A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file…
PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.48%
82.6th percentile
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 6.16.0 < 6.17.5 | 6.17.5 |
| totolink | ex1800t | — | — |
| totolink | ex1800t_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ixgbe: fix too early devlink_free() in ixgbe_remove()
osv·2025-10-30
CVE-2025-40091 ixgbe: fix too early devlink_free() in ixgbe_remove()
ixgbe: fix too early devlink_free() in ixgbe_remove()
In the Linux kernel, the following vulnerability has been resolved:
ixgbe: fix too early devlink_free() in ixgbe_remove()
Since ixgbe_adapter is embedded in devlink, calling devlink_free()
prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()
to the end.
KASAN report:
BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]
Read of size 8 at addr ffff0000adf813e0 by task bash/2095
CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)
[...]
Call trace:
show_stack+0x30/0x90 (C)
dump_stack_lvl+0x9c/0xd0
print_address_description.constprop.0+0x90/0x310
print_report+0x104/0x1f0
kasan_report+0x88/0x180
__asan_report_load8_noabort+0x20/0x30
ixgbe_reset_
GHSA
GHSA-r72r-v289-fm3p: A vulnerability classified as critical has been found in TOTOLINK EX1800T 9
ghsa_unreviewed·2025-03-08
CVE-2025-2095 [MEDIUM] CWE-77 GHSA-r72r-v289-fm3p: A vulnerability classified as critical has been found in TOTOLINK EX1800T 9
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
No detection rules found.
No public exploits indexed.
https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2003%20setDmzCfg-_ip.mdhttps://vuldb.com/?ctiid.298953https://vuldb.com/?id.298953https://vuldb.com/?submit.515321https://www.totolink.net/https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/OS%20Command%20Injection%2003%20setDmzCfg-_ip.md
2025-03-07
Published