VYPR

X18

by Totolink

CVEs (14)

  • CVE-2025-29209CriApr 18, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.

  • CVE-2025-29064CriApr 3, 2025
    risk 0.64cvss 9.8epss 0.01

    An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.

  • CVE-2023-29803CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

  • CVE-2023-29802CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

  • CVE-2023-29801CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

  • CVE-2023-29800CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2023-29799CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

  • CVE-2023-29798CriApr 14, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

  • CVE-2025-1340HigFeb 16, 2025
    risk 0.58cvss 8.8epss 0.14

    A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2025-1829MedMar 2, 2025
    risk 0.42cvss 6.3epss 0.11

    A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can…

  • CVE-2025-1339MedFeb 16, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated…

  • CVE-2024-10966MedNov 7, 2024
    risk 0.41cvss 6.3epss 0.03

    A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may…

  • CVE-2025-61044Oct 1, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.

  • CVE-2025-61045Oct 1, 2025
    risk 0.00cvss epss 0.02

    TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.