TOTOLINK X5000R cstecgi.cgi snprintf os command injection_CVE-2025-14586

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-14586

Source VulDB

Published Dec 13, 2025 at 06:32

Affected Product

Vendor TOTOLINK

Product X5000R

Version 9.1.0cu.2089_B20211224

Affected Versions TOTOLINK X5000R 9.1.0cu.2089_B20211224

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-12-13T06:32:10.624Z",
    "modified": "2025-12-13T06:32:10.624Z",
    "type": "cve",
    "title": "TOTOLINK X5000R cstecgi.cgi snprintf os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336206\nhttps://vuldb.com/?ctiid.336206\nhttps://vuldb.com/?submit.705593\nhttps://github.com/awigwu76/TOTOLINK_X5000R/blob/main/1.md\nhttps://www.totolink.net/",
    "id": "CVE-2025-14586",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK X5000R 9.1.0cu.2089_B20211224",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X5000R",
    "version": "9.1.0cu.2089_B20211224",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}