X18 Firmware Security Vulnerabilities and Issues — X18 Firmware CVE List

Lucene search

TotolinkX18 Firmware

12 matches found

CVE•added 2023/04/14 2:15 p.m.•220 views

CVE-2023-29800

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2025/03/02 7:15 p.m.•73 views

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remote...

8.8CVSS7.3AI score0.01328EPSS

CVE•added 2025/02/16 2:15 p.m.•59 views

CVE-2025-1340

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ...

9CVSS7AI score0.00104EPSS

CVE•added 2023/04/14 2:15 p.m.•48 views

CVE-2023-29799

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/04/14 2:15 p.m.•46 views

CVE-2023-29803

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2025/02/16 12:15 p.m.•46 views

CVE-2025-1339

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit ...

8.8CVSS6.9AI score0.00093EPSS

CVE•added 2023/04/14 2:15 p.m.•45 views

CVE-2023-29798

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2025/04/18 3:15 p.m.•44 views

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.

9.8CVSS7.3AI score0.0073EPSS

CVE•added 2025/04/03 8:15 p.m.•42 views

CVE-2025-29064

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.

9.8CVSS8.1AI score0.01776EPSS

CVE•added 2023/04/14 2:15 p.m.•38 views

CVE-2023-29802

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2024/11/07 6:15 p.m.•38 views

CVE-2024-10966

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely...

8.8CVSS7.7AI score0.02835EPSS

CVE•added 2023/04/14 2:15 p.m.•37 views

CVE-2023-29801

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

9.8CVSS9.9AI score0.01454EPSS