CVE-2025-1340 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setPasswordCfg stack-based overflow

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow.

This vulnerability is traded as CVE-2025-1340. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1340 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setPasswordCfg stack-based overflow

Related Posts

CVE-2024-12851 | Element Pack Lite Plugin up to 5.10.14 on WordPress cross site scripting

CVE-2024-3090 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Add Ambulance Page /admin/add-ambulance.php Ambulance Reg No/Driver Name cross site scripting

CVE-2024-9908 | D-Link DIR-619L B1 2.06 /goform/formSetMACFilter curTime buffer overflow

CVE-2024-1396 | Averta Shortcodes and Extra Features for Phlox Theme up to 2.15.5 on WordPress title_tag cross site scripting