X18
by Totolink
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29209 | Cri | 0.64 | 9.8 | 0.01 | Apr 18, 2025 | TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. | ||
| CVE-2025-29064 | Cri | 0.64 | 9.8 | 0.01 | Apr 3, 2025 | An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | ||
| CVE-2023-29803 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | ||
| CVE-2023-29802 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||
| CVE-2023-29801 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | ||
| CVE-2023-29800 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | ||
| CVE-2023-29799 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | ||
| CVE-2023-29798 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2023 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||
| CVE-2025-1340 | Hig | 0.58 | 8.8 | 0.14 | Feb 16, 2025 | A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack… | ||
| CVE-2025-1829 | Med | 0.42 | 6.3 | 0.11 | Mar 2, 2025 | A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can… | ||
| CVE-2025-1339 | Med | 0.41 | 6.3 | 0.03 | Feb 16, 2025 | A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated… | ||
| CVE-2024-10966 | Med | 0.41 | 6.3 | 0.03 | Nov 7, 2024 | A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may… | ||
| CVE-2025-61044 | 0.00 | — | 0.01 | Oct 1, 2025 | TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function. | |||
| CVE-2025-61045 | 0.00 | — | 0.02 | Oct 1, 2025 | TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function. |
- risk 0.64cvss 9.8epss 0.01
TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.
- risk 0.64cvss 9.8epss 0.01
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
- risk 0.58cvss 8.8epss 0.14
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack…
- risk 0.42cvss 6.3epss 0.11
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can…
- risk 0.41cvss 6.3epss 0.03
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated…
- risk 0.41cvss 6.3epss 0.03
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may…
- CVE-2025-61044Oct 1, 2025risk 0.00cvss —epss 0.01
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
- CVE-2025-61045Oct 1, 2025risk 0.00cvss —epss 0.02
TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.