ID

VAR-202602-2920


CVE

CVE-2025-67445


TITLE

TOTOLINK X5000R firmware resource exhaustion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247

DESCRIPTION

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface. A denial-of-service (DoS) vulnerability exists in /cgi-bin/cstecgi.cgi of TOTOLINK X5000R V9.1.0cu.2415_B20250515. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-67445 // JVNDB: JVNDB-2026-005247

AFFECTED PRODUCTS

vendor: totolink, model: x5000r, scope: eq, version: 9.1.0cu.2415_b20250515

Trust: 1.0

vendor: totolink, model: x5000r, scope: eq, version: x5000r firmware 9.1.0cu.2415_b20250515

Trust: 0.8

vendor: totolink, model: x5000r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: x5000r, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247 // NVD: CVE-2025-67445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-67445
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67445
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-67445
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2025-67445
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-67445
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-67445
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247 // NVD: CVE-2025-67445 // NVD: CVE-2025-67445

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247 // NVD: CVE-2025-67445

PATCH

title: GitHub - DaRkSpOoOk/CVE-2025-67445
url: https://github.com/DaRkSpOoOk/CVE-2025-67445

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247

EXTERNAL IDS

db: NVD, id: CVE-2025-67445

Trust: 2.6

db: JVNDB, id: JVNDB-2026-005247

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247 // NVD: CVE-2025-67445

REFERENCES

url:http://totolink.com

Trust: 1.8

url:https://github.com/darkspoook/cve-2025-67445

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-67445

Trust: 0.8

sources: JVNDB: JVNDB-2026-005247 // NVD: CVE-2025-67445

SOURCES

db: JVNDB, id: JVNDB-2026-005247
db: NVD, id: CVE-2025-67445

LAST UPDATE DATE

2026-02-28T23:59:37.238000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-005247, date: 2026-02-27T03:46:00
db: NVD, id: CVE-2025-67445, date: 2026-02-27T19:16:05.517

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-005247, date: 2026-02-27T00:00:00
db: NVD, id: CVE-2025-67445, date: 2026-02-24T15:21:36.707