Totolink X18 vulnerabilities

CVE-2025-1829 [MEDIUM] CWE-77 CVE-2025-1829: A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may

CVE-2025-1340 [HIGH] CWE-119 CVE-2025-1340: A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affect A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The ve

CVE-2025-1339 [MEDIUM] CWE-77 CVE-2025-1339: A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. Thi A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The v

CVE-2024-10966 [MEDIUM] CWE-77 CVE-2024-10966: A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B2022 A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and ma