cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1340,https://securityvulnerability.io/vulnerability/CVE-2025-1340,Stack-Based Buffer Overflow Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 router, specifically within the setPasswordCfg function of the cstecgi.cgi file. This flaw can lead to a stack-based buffer overflow, allowing remote attackers to exploit the device without needing physical access. The issue has been publicly disclosed, raising the stakes for users to safeguard their networks against potential malicious activities. The vendor was notified prior to this disclosure but did not provide a response.",Totolink,X18,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-02-16T13:31:05.000Z,true,false,false,,2025-02-16T13:31:05.705Z,239
CVE-2025-1339,https://securityvulnerability.io/vulnerability/CVE-2025-1339,OS Command Injection Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 Router, specifically in the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. This issue allows for potential OS command injection through manipulation of the argument 'enable.' The vulnerability can be exploited remotely, raising concerns about unauthorized access and control over the router. Despite early disclosure to the vendor, no response was received, leaving the security of users at risk. Mitigation efforts are recommended to prevent exploitation.",Totolink,X18,5.3,MEDIUM,0.0006600000197067857,false,,false,false,true,2025-02-16T12:00:19.000Z,true,false,false,,2025-02-16T12:00:19.638Z,0
CVE-2024-10966,https://securityvulnerability.io/vulnerability/CVE-2024-10966,OS Command Injection in TOTOLINK X18 Router,"A severe OS command injection vulnerability has been identified in the TOTOLINK X18 router, specifically in the handling of requests made to the cstecgi.cgi file. The flaw allows attackers to manipulate input parameters, notably the 'enable' argument, thus executing arbitrary commands on the operating system of the router. With the potential for remote exploitation, this vulnerability poses a significant threat, as attackers can gain unauthorized access and control over the affected device. Users are urged to apply security measures and updates promptly to mitigate the risks associated with this vulnerability.",Totolink,X18,8.8,HIGH,0.03700999915599823,false,,false,false,true,2024-11-07T18:00:10.000Z,true,false,false,,2024-11-07T18:00:10.394Z,0
CVE-2023-29800,https://securityvulnerability.io/vulnerability/CVE-2023-29800,Command Injection Vulnerability in TOTOLINK Router,"The TOTOLINK X18 firmware version V9.1.0cu.2024_B20220329 has a command injection flaw that allows attackers to exploit the UploadFirmwareFile function through the FileName parameter. This vulnerability can enable unauthorized command execution, posing significant security risks to affected devices.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2023-29801,https://securityvulnerability.io/vulnerability/CVE-2023-29801,Command Injection Vulnerability in TOTOLINK Routers by TOTOLINK,"The TOTOLINK X18 router version V9.1.0cu.2024_B20220329 is susceptible to multiple command injection vulnerabilities. These weaknesses arise from improper validation of user input in the setSyslogCfg function, specifically through parameters rtLogEnabled and rtLogServer. An attacker may exploit these vulnerabilities to execute arbitrary commands on the affected device, potentially compromising its functionality and security.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2023-29799,https://securityvulnerability.io/vulnerability/CVE-2023-29799,Command Injection Vulnerability in TOTOLINK X18,"The TOTOLINK X18 device is affected by a command injection vulnerability that can be exploited through the hostname parameter in the setOpModeCfg function. This weakness could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access or manipulation of device settings. Users are advised to apply security updates to mitigate the risk associated with this vulnerability.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2023-29803,https://securityvulnerability.io/vulnerability/CVE-2023-29803,Command Injection Vulnerability in TOTOLINK X18 Product,"The TOTOLINK X18 model, specifically version 9.1.0cu.2024_B20220329, is exposed to a command injection vulnerability. This vulnerability occurs through improper handling of the 'pid' parameter within the 'disconnectVPN' function, which can allow an attacker to execute arbitrary commands on the system. Users are advised to update their firmware to prevent exploitation.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2023-29798,https://securityvulnerability.io/vulnerability/CVE-2023-29798,Command Injection Vulnerability in TOTOLINK X18 Router,"The TOTOLINK X18 router has a command injection flaw that can be exploited through the command parameter in the setTracerouteCfg function. An attacker could use this vulnerability to execute arbitrary commands on the device, potentially leading to unauthorized access or manipulation of the router's settings. This makes it critical for users to ensure their devices are secured against such vulnerabilities.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0
CVE-2023-29802,https://securityvulnerability.io/vulnerability/CVE-2023-29802,Command Injection Vulnerability in TOTOLINK Router,"The TOTOLINK X18 router has a command injection vulnerability that stems from improper handling of the 'ip' parameter in the setDiagnosisCfg function. This can potentially allow attackers to execute arbitrary commands on the affected device, compromising network security and user data.",Totolink,X18 Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-04-14T00:00:00.000Z,0