ID

VAR-202602-2988


CVE

CVE-2025-70327


TITLE

Multiple vulnerabilities in TOTOLINK X5000R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236

DESCRIPTION

TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without checking whether the input starts with a hyphen (-). This allows remote authenticated attackers to inject arbitrary command-line options into the ping utility, potentially leading to a Denial of Service (DoS) by causing excessive resource consumption or prolonged execution. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-70327 // JVNDB: JVNDB-2026-005236

AFFECTED PRODUCTS

vendor: totolink, model: x5000r, scope: eq, version: 9.1.0cu.2415_b20250515

Trust: 1.0

vendor: totolink, model: x5000r, scope: eq, version: x5000r firmware 9.1.0cu.2415_b20250515

Trust: 0.8

vendor: totolink, model: x5000r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: x5000r, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236 // NVD: CVE-2025-70327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-70327
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-70327
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-70327
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2025-70327
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2025-70327
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236 // NVD: CVE-2025-70327 // NVD: CVE-2025-70327

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-88

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [others]

Trust: 0.8

problemtype: Insert or change arguments (CWE-88) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236 // NVD: CVE-2025-70327

PATCH

title: 0-DAY/Toto-link/X5000R/SetDiagnosisCfg/report.md at main · neighborhood-H/0-DAY · GitHub; Notion
url: https://github.com/neighborhood-H/0-DAY/blob/main/Toto-link/X5000R/SetDiagnosisCfg/report.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236

EXTERNAL IDS

db: NVD, id: CVE-2025-70327

Trust: 2.6

db: JVNDB, id: JVNDB-2026-005236

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236 // NVD: CVE-2025-70327

REFERENCES

url:https://github.com/neighborhood-h/0-day/blob/main/toto-link/x5000r/setdiagnosiscfg/report.md

Trust: 1.0

url:https://www.notion.so/totolink-x5000r-setdiagnosiscfg-2d170566ca7f8098a0bcee9f2a15d40d?source=copy_link

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-70327

Trust: 0.8

sources: JVNDB: JVNDB-2026-005236 // NVD: CVE-2025-70327

SOURCES

db: JVNDB, id: JVNDB-2026-005236
db: NVD, id: CVE-2025-70327

LAST UPDATE DATE

2026-03-01T00:07:11.452000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-005236, date: 2026-02-27T03:45:00
db: NVD, id: CVE-2025-70327, date: 2026-02-26T03:06:04.013

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-005236, date: 2026-02-27T00:00:00
db: NVD, id: CVE-2025-70327, date: 2026-02-23T21:19:09.270