CVE-2025-2094 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setWiFiExtenderConfig apcliKey/key os command injection

Inserito da Angelo Barbosa | Mar 7, 2025 | CVE

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection.

This vulnerability is handled as CVE-2025-2094. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-2094 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setWiFiExtenderConfig apcliKey/key os command injection

Post correlati

CVE-2024-44334 | D-Link DI-7400G+V2 24.04.18 CGI upgrade_filter.asp Privilege Escalation

CVE-2023-49346 | budgie-weathershow _weatherdata injection

CVE-2021-46910 | Linux Kernel up to 5.11.15 mm kmap_local null pointer dereference (5965ac11b1d5/d624833f5984)

CVE-2024-9085 | code-projects Restaurant Reservation System 1.0 index.php date sql injection