CVE-2025-1829 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setMtknatCfg mtkhnatEnable os command injection

Inserito da Angelo Barbosa | Mar 1, 2025 | CVE

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection.

This vulnerability was named CVE-2025-1829. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1829 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setMtknatCfg mtkhnatEnable os command injection

Post correlati

CVE-2021-46928 | Linux Kernel up to 5.10.89/5.15/5.15.12 parisc memory corruption (d01e9ce1af61/e96373f0a5f4/484730e5862f)

CVE-2024-41810 | Twisted up to 24.3.0 Twisted.web.util.redirectTo cross site scripting (GHSA-cf56-g6w6-pqq2)

CVE-2024-8758 | Quiz and Survey Master Plugin up to 9.1.2 on WordPress Setting cross site scripting

CVE-2024-48223 | funadmin 5.0.2 /curd/table/fieldlist sql injection