Описание
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9934
- https://github.com/Axelioc/CVE/blob/main/TOTOLINK/X5000R/sub_410C34/sub_410C34.md
- https://github.com/Axelioc/CVE/blob/main/TOTOLINK/X5000R/sub_410C34/sub_410C34.md#poc
- https://vuldb.com/?ctiid.322336
- https://vuldb.com/?id.322336
- https://vuldb.com/?submit.643048
- https://www.totolink.net
Связанные уязвимости
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Уязвимость функции sub_410C34() (/cgi-bin/cstecgi.cgi) микропрограммного обеспечения роутеров TOTOLINK X5000R, позволяющая нарушителю выполнить произвольные команды