Vulnerabilities > CVE-2025-1340 - Stack-based Buffer Overflow vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
totolink
CWE-121

Summary

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part Description Count
OS
Totolink
1
Hardware
Totolink
1

Common Weakness Enumeration (CWE)