Sign-up

ID

VAR-202509-0181


CVE

CVE-2025-9934


TITLE

TOTOLINK X5000R Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-20930

DESCRIPTION

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The TOTOLINK X5000R is a wireless router that supports Wi-Fi 6 technology, featuring a full-coverage mesh system and dual-band transmission capabilities, making it suitable for home and enterprise network environments. The TOTOLINK X5000R has a command injection vulnerability caused by the failure of the pid parameter in the /cgi-bin/cstecgi.cgi file to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are not available at this time

Trust: 1.44

sources: NVD: CVE-2025-9934 // CNVD: CNVD-2025-20930

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20930

AFFECTED PRODUCTS

vendor:totolinkmodel:x5000r 9.1.0cu.2415 b20250515scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-20930

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9934
value: LOW

Trust: 1.0

CNVD: CNVD-2025-20930
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-9934
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-20930
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9934
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-20930 // NVD: CVE-2025-9934

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2025-9934

EXTERNAL IDS

db:NVDid:CVE-2025-9934

Trust: 1.6

db:VULDBid:322336

Trust: 1.0

db:CNVDid:CNVD-2025-20930

Trust: 0.6

sources: CNVD: CNVD-2025-20930 // NVD: CVE-2025-9934

REFERENCES

url:https://github.com/axelioc/cve/blob/main/totolink/x5000r/sub_410c34/sub_410c34.md

Trust: 1.6

url:https://vuldb.com/?submit.643048

Trust: 1.0

url:https://vuldb.com/?id.322336

Trust: 1.0

url:https://www.totolink.net/

Trust: 1.0

url:https://github.com/axelioc/cve/blob/main/totolink/x5000r/sub_410c34/sub_410c34.md#poc

Trust: 1.0

url:https://vuldb.com/?ctiid.322336

Trust: 1.0

sources: CNVD: CNVD-2025-20930 // NVD: CVE-2025-9934

SOURCES

db:CNVDid:CNVD-2025-20930
db:NVDid:CVE-2025-9934

LAST UPDATE DATE

2025-09-13T23:27:49.958000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20930date:2025-09-10T00:00:00
db:NVDid:CVE-2025-9934date:2025-09-04T15:35:29.497

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20930date:2025-09-10T00:00:00
db:NVDid:CVE-2025-9934date:2025-09-04T10:42:37.390