CVE-2025-1829: TOTOLINK X18 cstecgi.cgi setMtknatCfg os command injection
First published: Sun Mar 02 2025(Updated: )
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink X18 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1829?
CVE-2025-1829 has been declared a critical vulnerability.
How does CVE-2025-1829 exploit function setMtknatCfg?
CVE-2025-1829 exploits the function setMtknatCfg by manipulating the mtkhnatEnable argument to perform OS command injection.
What devices are affected by CVE-2025-1829?
CVE-2025-1829 affects the TOTOLINK X18 firmware version 9.1.0cu.2024_B20220329.
What are the potential consequences of CVE-2025-1829?
The consequences of CVE-2025-1829 include potential unauthorized access and control over the affected device due to OS command injection.
How can I mitigate CVE-2025-1829?
To mitigate CVE-2025-1829, update the firmware of the TOTOLINK X18 to a version that is not vulnerable.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/source
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/totolink
- canonical/totolink x18 firmware