CVE-2025-1339
BaseFortify
Publication date: 2025-02-16
Last updated on: 2025-03-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | x18_firmware | 9.1.0cu.2024_b20220329 |
| totolink | x18 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-1339 is a critical vulnerability found in the TOTOLINK X18 router, specifically in the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The vulnerability allows for OS command injection through manipulation of the 'enable' argument, which can be exploited remotely. The issue has been publicly disclosed, and the vendor did not respond to early notifications about the vulnerability.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary OS commands on the affected device, potentially leading to unauthorized access, data breaches, or complete control over the device. If you are using the TOTOLINK X18 router, your network and connected devices could be at risk, which may lead to further exploitation or compromise of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The exploitation of this vulnerability could lead to unauthorized access to personal data or sensitive information, which may violate compliance requirements under regulations like GDPR and HIPAA. Organizations that fail to secure their devices against such vulnerabilities may face legal repercussions, fines, and damage to their reputation due to non-compliance with data protection standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can use network scanning tools like Nmap to check for open ports and services running on your TOTOLINK X18 device. A command like 'nmap -sV <target_ip>' can help identify the version of the service running. Additionally, you can check for specific patterns in the HTTP responses from the device using tools like curl or wget. For example, 'curl -I http://<target_ip>/cgi-bin/cstecgi.cgi' can help you see if the vulnerable endpoint is accessible.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should immediately restrict access to the affected device by implementing firewall rules to limit incoming connections. Additionally, consider disabling remote access features if they are not needed. Regularly update the device firmware to the latest version provided by the vendor, and monitor your network for any suspicious activity related to this vulnerability.