CVE-2025-61044

CWE-77 — Command Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

2.7%

top 14.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink X18 Firmware

Timeline

PublishedOct 1

Description

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/x18_firmware9.1.0cu.2053_b20230309

🔴Vulnerability Details

CVEList

CVE-2025-61044: TOTOLINK X18 V9↗2025-10-01

▶

GHSA

GHSA-fp7p-3ghq-63mp: TOTOLINK X18 V9↗2025-10-01

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Totolink setEasyMeshAgentCfg agentName Parameter Command Injection Attempt (CVE-2025-52906, CVE-2025-61044, CVE-2025-61045)↗2025-09-23

▶