CVE-2025-1829
Published: 02 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-1829 is a critical OS command injection vulnerability in the TOTOLINK X18 router running firmware version 9.1.0cu.2024_B20220329. The issue resides in the setMtknatCfg function within the /cgi-bin/cstecgi.cgi script, where manipulation of the mtkhnatEnable argument enables attackers to inject and execute arbitrary operating system commands. It is classified under CWE-77 and CWE-78, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), and was published on 2025-03-02.
The vulnerability can be exploited remotely by attackers who possess low privileges (PR:L), requiring network access with low attack complexity and no user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling command execution on the device to disrupt services, modify configurations, or exfiltrate minor data.
References including VulDB entries and a GitHub repository disclose the exploit publicly, noting it may be actively used, while the vendor TOTOLINK was contacted early but provided no response or patches as of the latest information. No official mitigations or firmware updates are detailed in the available advisories.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote OS command injection vulnerability in public-facing CGI script (/cgi-bin/cstecgi.cgi) enables exploitation of public-facing applications (T1190) and direct execution of arbitrary Unix shell commands via unsanitized 'mtkhnatEnable' parameter passed to dosystem() (T1059.004).