| Title | TOTOlink X18 V9.1.0cu.2024_B20220329 Command Injection |
|---|
| Description | In the setL2tpdConfig function in the firmware of X18 , there are arbitrary system command vulnerabilities and RCE vulnerabilities, which can be executed by arbitrary system commands to obtain server permissions, bounce shells, etc. |
|---|
| Source | ⚠️ https://github.com/stevenchen0x01/CVE2/blob/main/cve1.md |
|---|
| User | Steven_Dra3w (UID 76559) |
|---|
| Submission | 02/05/2025 12:59 (1 Year ago) |
|---|
| Moderation | 02/15/2025 15:51 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 295955 [TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setL2tpdConfig enable os command injection] |
|---|
| Points | 16 |
|---|