CVE-2025-61044
Published: 01 October 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Security Summary
CVE-2025-61044 is a command injection vulnerability (CWE-77) affecting the TOTOLINK X18 router running firmware version V9.1.0cu.2053_B20230309. The flaw exists in the setEasyMeshAgentCfg function, where the agentName parameter fails to properly sanitize user input, allowing injection of arbitrary operating system commands. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
Remote attackers require no authentication or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables arbitrary command execution on the underlying operating system, potentially granting full control over the affected router, including data exfiltration, modification of configurations, or use as a pivot for further network attacks.
A single advisory reference is available at https://github.com/ilovekeer/IOT/blob/main/TOTOLINK/X18/setEasyMeshAgentCfg/2.md, which likely details the vulnerability discovery and proof-of-concept; no vendor patches or specific mitigations are described in the provided information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability in the web interface of the TOTOLINK X18 router enables exploitation of a public-facing application (T1190) and facilitates arbitrary command execution via the network device CLI (T1059.008).