CVE-2025-2095 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setDmzCfg ip os command injection

Inserito da Angelo Barbosa | Mar 7, 2025 | CVE

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection.

This vulnerability is uniquely identified as CVE-2025-2095. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-2095 | TOTOLINK EX1800T 9.1.0cu.2112_B20220316 /cgi-bin/cstecgi.cgi setDmzCfg ip os command injection

Post correlati

CVE-2024-5475 | Responsive Video Embed Plugin up to 0.5.0 on WordPress Shortcode cross site scripting

CVE-2024-1981 | WPvivid Backup and Migration Plugin up to 0.9.68 on WordPress sql injection

CVE-2024-56202 | ATS up to 9.2.8/10.0.3 Header Field Expect Privilege Escalation

CVE-2024-36129 | OpenTelemetry Collector HTTP/gRPC denial of service