CVE-2025-29209

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 18, 2025

Updated: Apr 29, 2025

CWE ID 77

Summary

CVE-2025-29209 is a newly disclosed vulnerability affecting the TOTOLINK X18 router with firmware version v9.1.0cu.2024_B20220329. This issue enables an unauthorized arbitrary command execution in the 'enable' parameter of the sub_41105C function found within the cstecgi .cgi file. An attacker could exploit this vulnerability by sending maliciously crafted input to the router, potentially gaining full control over the affected device, leading to serious security consequences. Users are urged to update their firmware to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TOTOLINK

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4OF17K
https://www.cve.org/CVERecord?id=CVE-2025-29209
https://nvd.nist.gov/vuln/detail/CVE-2025-29209

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-29209

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations