TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability

TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...

EUVD-2025-32018

Malicious code in bioql PyPI...

CVE-2025-61044

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function...

CVE-2025-61045

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function...

CVE-2025-61044

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function...

CVE-2025-61044

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function...

CVE-2025-61045

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function...

CVE-2025-61045

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function...

TOTOLINK X18 命令注入漏洞

TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...

PT-2025-40255

Name of the Vulnerable Software and Affected Versions TOTOLINK X18 version 9.1.0cu.2053 B20230309 Description The software contains a command injection issue through the mac parameter within the setEasyMeshAgentCfg function. This allows for potential unauthorized command execution. Recommendation...

CVE-2025-61044

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function...

CVE-2025-61044

TOTOLINK X18 (firmware: 9.1.0cu.2053_B20230309) is affected by a command injection in the setEasyMeshAgentCfg function, exploitable via the agentName parameter. The vulnerability allows arbitrary command execution and is network-authless with low complexity, high impact on confidentiality, integr...

CVE-2025-61045

CVE-2025-61045 affects TOTOLINK X18 with firmware version 9.1.0cu.2053_B20230309. The setEasyMeshAgentCfg function’s mac parameter is susceptible to command injection due to insufficient filtering of command characters, enabling arbitrary command execution. Public reports (CNVD/Red Hat/NVD) confi...

PT-2025-40254

Name of the Vulnerable Software and Affected Versions TOTOLINK X18 version 9.1.0cu.2053 B20230309 Description The software contains a command injection issue through the agentName parameter within the setEasyMeshAgentCfg function. This allows for potential unauthorized command execution...

CVE-2025-61044

TOTOLINK X18 V9.1.0cu.2053B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function...