CVE-2025-1339: TOTOLINK X18 cstecgi.cgi setL2tpdConfig os command injection
First published: Sun Feb 16 2025(Updated: )
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink X18 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1339?
The severity of CVE-2025-1339 is rated as critical.
What type of vulnerability is CVE-2025-1339?
CVE-2025-1339 is an OS command injection vulnerability.
How does CVE-2025-1339 affect TOTOLINK X18?
CVE-2025-1339 affects the function setL2tpdConfig in the file /cgi-bin/cstecgi.cgi within TOTOLINK X18.
How can I fix CVE-2025-1339?
To fix CVE-2025-1339, update the TOTOLINK X18 firmware to the latest version provided by the vendor.
Who is affected by CVE-2025-1339?
Users of the TOTOLINK X18 running version 9.1.0cu.2024_B20220329 are affected by CVE-2025-1339.
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/references
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/totolink
- canonical/totolink x18 firmware