ID

VAR-202602-2737


CVE

CVE-2025-70329


TITLE

OS command injection vulnerability in TOTOLINK X5000R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897

DESCRIPTION

TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-70329 // JVNDB: JVNDB-2026-004897

AFFECTED PRODUCTS

vendor: totolink, model: x5000r, scope: eq, version: 9.1.0cu.2415_b20250515

Trust: 1.0

vendor: totolink, model: x5000r, scope: eq, version: x5000r firmware 9.1.0cu.2415_b20250515

Trust: 0.8

vendor: totolink, model: x5000r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: x5000r, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897 // NVD: CVE-2025-70329

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-70329
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-004897
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-70329
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-004897
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897 // NVD: CVE-2025-70329

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS command injection (CWE-78) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897 // NVD: CVE-2025-70329

PATCH

title: 0-DAY/Toto-link/X5000R/SetIptvCfg/report.md at main - neighborhood-H/0-DAY - GitHub
url: https://github.com/neighborhood-H/0-DAY/blob/main/Toto-link/X5000R/SetIptvCfg/report.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897

EXTERNAL IDS

db: NVD, id: CVE-2025-70329

Trust: 2.6

db: JVNDB, id: JVNDB-2026-004897

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897 // NVD: CVE-2025-70329

REFERENCES

url: https://www.notion.so/totolink-x5000r-setiptvcfg-2d170566ca7f8027ad47e6b5429025fc?source=copy_link

Trust: 1.0

url: https://github.com/neighborhood-h/0-day/blob/main/toto-link/x5000r/setiptvcfg/report.md

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-70329

Trust: 0.8

sources: JVNDB: JVNDB-2026-004897 // NVD: CVE-2025-70329

SOURCES

db: JVNDB, id: JVNDB-2026-004897
db: NVD, id: CVE-2025-70329

LAST UPDATE DATE

2026-02-28T02:50:57.630000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-004897, date: 2026-02-26T04:14:00
db: NVD, id: CVE-2025-70329, date: 2026-02-24T20:38:09.483

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-004897, date: 2026-02-26T00:00:00
db: NVD, id: CVE-2025-70329, date: 2026-02-23T20:28:53.603