CVE-2025-2095: TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection
First published: Fri Mar 07 2025(Updated: )
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink EX1800T | ||
| All of | ||
| Totolink EX1800T | =9.1.0cu.2112_b20220316 | |
| Totolink EX1800T |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2095?
CVE-2025-2095 is classified as a critical vulnerability.
How do I fix CVE-2025-2095?
To fix CVE-2025-2095, update your TOTOLINK EX1800T device to the latest firmware version available from the manufacturer.
What type of vulnerability is CVE-2025-2095?
CVE-2025-2095 is an OS command injection vulnerability affecting the setDmzCfg function in the TOTOLINK EX1800T.
Can CVE-2025-2095 be exploited remotely?
Yes, CVE-2025-2095 can be exploited remotely.
Which file is associated with CVE-2025-2095?
CVE-2025-2095 is associated with the file /cgi-bin/cstecgi.cgi in the TOTOLINK EX1800T.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/tags
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- vendor/totolink
- canonical/totolink ex1800t
- version/totolink ex1800t/9.1.0cu.2112_b20220316