CVE-2025-2095: Command Injection in Ex1800t

Severity: 5.3 MEDIUM (NVD)
EPSS: 2.2% (top 15.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 7; latest update Oct 30

Description

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: totolink/ex1800t 9.1.0cu.2112_B20220316
NVD: totolink/ex1800t_firmware 9.1.0cu.2112_b20220316

Vulnerability Details (3)

OSV: ixgbe: fix too early devlink_free() in ixgbe_remove() (2025-10-30)
GHSA: GHSA-r72r-v289-fm3p: A vulnerability classified as critical has been found in TOTOLINK EX1800T 9 (2025-03-08)
CVEList: TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection (2025-03-07)