CVE-2025-61045

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

3.4%

top 12.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink X18 Firmware

Timeline

PublishedOct 1

Description

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/x18_firmware9.1.0cu.2053_b20230309

🔴Vulnerability Details

GHSA

GHSA-2pvf-rfmw-cwjg: TOTOLINK X18 V9↗2025-10-01

▶

CVEList

CVE-2025-61045: TOTOLINK X18 V9↗2025-10-01

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Totolink setEasyMeshAgentCfg agentName Parameter Command Injection Attempt (CVE-2025-52906, CVE-2025-61044, CVE-2025-61045)↗2025-09-23

▶