- Description
- A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
- Products
- x18_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- Hype score
- Not currently trending
🚨 Critical vulnerabilities in TOTOLINK X18! 🚨 CVE-2025-1339: OS command injection https://t.co/mXTBnu2wAY CVE-2025-1340: Stack-based buffer overflow in setPasswordCfg - https://t.co/jtaWZ7CQ7V Both can be exploited remotely. Vendor unresponsive. #CyberSecurity #Infosec https:
@BaseFortify
17 Feb 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
2 Replies
0 Quotes
🚨Critical Security Vulnerability in TOTOLINK X18 9.1.0cu.2024_B20220329 🆔 CVE: CVE-2025-1340 💣 CVSS Score: 8.7 📅 Published Date: 25/02/16 ⚠️ Details: A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. https://t.co/yMyrEo2Yrv
@doncaptador
16 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical Security Vulnerability in TOTOLINK X18 9.1.0cu.2024_B20220329 🆔 CVE: CVE-2025-1340 💣 CVSS Score: 8.7 📅 Published Date: 25/02/16 ⚠️ Details: A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function… htt
@DarkWebInformer
16 Feb 2025
2890 Impressions
3 Retweets
22 Likes
3 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1340: HIGH] Critical vulnerability identified in TOTOLINK X18 9.1.0cu.2024_B20220329's setPasswordCfg function. Allows remote stack-based buffer overflow attack. Public exploit available after vendor non...#cybersecurity,#vulnerability https://t.co/IcOoewD3Iy https://t.
@CveFindCom
16 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
There is a new vulnerability with elevated criticality in TOTOLINK X18 (CVE-2025-1340) https://t.co/D2mYQYq2Hl
@vuldb
16 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:totolink:x18_firmware:9.1.0cu.2024_b20220329:*:*:*:*:*:*:*",
"matchCriteriaId": "147FED55-DD5F-4AC0-B261-9FABC0498F67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:totolink:x18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9B188-E15C-4915-848A-4F6C2E6EB067",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]