CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-9934

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.6%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/Axelioc/CVE/blob/main/TOTOLINK/X5000R/sub_410C34/sub_410C34.md
https://github.com/Axelioc/CVE/blob/main/TOTOLINK/X5000R/sub_410C34/sub_410C34.md#poc
https://vuldb.com/?ctiid.322336
https://vuldb.com/?id.322336
https://vuldb.com/?submit.643048
https://www.totolink.net/

Products affected by CVE-2025-9934

Totolink » X5000r » Version: N/A

cpe:2.3:h:totolink:x5000r:-
Totolink » X5000r Firmware » Version: 9.1.0cu.2415_b20250515

cpe:2.3:o:totolink:x5000r_firmware:9.1.0cu.2415_b20250515

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-9934

Products

Pricing

Contact Us