CNNVD-202512-2522 Information
CNNVD ID
CNNVD-202512-2522
Related CVE
- CNNVD Published: 2025-12-13
Description (Chinese)
TOTOLINK X5000R是中国吉翁电子(TOTOLINK)公司的一个路由器。 TOTOLINK X5000R 9.1.0cu.2089_B20211224版本存在操作系统命令注入漏洞,该漏洞源于对文件/cgi-bin/cstecgi.cgi?action=exportOvpn&type=user中参数User的错误操作,可能导致os命令注入攻击。
Description (English)
TOTOLINK X5000R is a router for the Chinese company TOTOLINK. TOTOLINK X5000R 9.1.0cu.2089 B20211224 has a loophole in the operating system command, which stems from an error in the parameter User in document/cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, which could lead to an Os command injection attack.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
吉翁电子
Published
2025-12-13
Last Modified
2026-02-24
References
https://github.com/awigwu76/TOTOLINK_X5000R/blob/main/1.md https://vuldb.com/?ctiid.336206 https://vuldb.com/?id.336206 https://vuldb.com/?submit.705593 https://www.totolink.net/ https://access.redhat.com/security/cve/cve-2025-14586
Share on: