Details of VAR-202509-4507

ID

VAR-202509-4507

TITLE

TOTOLINK X18 has a binary vulnerability.

Trust: 0.6

sources: CNVD: CNVD-2025-26051

DESCRIPTION

The X18 is a wireless router manufactured by TOTOLINK, a Chinese company. The TOTOLINK X18 contains a binary vulnerability that attackers could exploit to gain server privileges.

Trust: 0.6

sources: CNVD: CNVD-2025-26051

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-26051

AFFECTED PRODUCTS

vendor:	totolink	model:	-	scope:	eq	version:	x18v9.1.0	Trust: 0.6
vendor:	totolink	model:	v9.1.0cu.2024 b20220329	scope:	eq	version:	x18	Trust: 0.6

sources: CNVD: CNVD-2025-26051

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2025-26051
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-26051
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-26051

EXTERNAL IDS

db:

CNVD

id:

CNVD-2025-26051

Trust: 0.6

sources: CNVD: CNVD-2025-26051

SOURCES

db:

CNVD

id:

CNVD-2025-26051

LAST UPDATE DATE

2025-11-19T23:27:41.230000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2025-26051

date:

2025-10-31T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2025-26051

date:

2025-09-18T00:00:00