CVE-2025-61045
Published: 01 October 2025
Description
(MITRE ATT&CK description of T1210, Exploitation of Remote Services.) Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-61045 is a command injection vulnerability (CWE-77, CWE-78) affecting the TOTOLINK X18 router running firmware version V9.1.0cu.2053_B20230309. The flaw resides in the setEasyMeshAgentCfg function, where the mac parameter is not sanitized before it reaches an operating system command, allowing an attacker to inject and execute arbitrary OS commands. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical): it is reachable over the network, has low attack complexity, and requires no privileges and no user interaction (AV:N/AC:L/PR:N/UI:N).
An unauthenticated remote attacker exploits the flaw by sending a specially crafted request to the affected endpoint. Successful exploitation yields remote code execution on the device with full impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially giving the attacker complete control of the router, access to traffic and stored data, and a foothold from which to pivot into the network behind it.
Mitigation details and proof-of-concept exploitation information are available in the referenced advisory at https://github.com/ilovekeer/IOT/blob/main/TOTOLINK/X18/setEasyMeshAgentCfg/1.md. Until a fixed firmware version is available from TOTOLINK, restrict access to the router's web management interface (in particular, do not expose it to the WAN) with network segmentation or firewall rules, and monitor requests to the affected function for shell metacharacters in the mac parameter.
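The input-handling failure described in the summary, as an added illustration that is not the TOTOLINK firmware code (the advisory does not reproduce it): a strict allow-list validator for the mac parameter, the CWE-78 pattern of interpolating an unchecked value into a command line beside its hardened form, and a metacharacter check suitable for triaging requests to the endpoint in web-server logs. The command name `meshagent set-mac`, the colon-only MAC format, and the sample inputs are assumptions made for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Strict allow-list check for a MAC address in colon form: exactly
 * 17 characters, a hex digit at every position except the separators.
 * Anything else (shell metacharacters, trailing tokens, dash separators)
 * is rejected. Assumption: the device only needs colon-separated MACs. */
bool mac_is_valid(const char *mac)
{
    if (mac == NULL || strlen(mac) != 17)
        return false;
    for (int i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (mac[i] != ':')
                return false;
        } else if (!isxdigit((unsigned char)mac[i])) {
            return false;
        }
    }
    return true;
}

/* Shell metacharacters worth alerting on when they show up in a request
 * parameter that should only ever hold a MAC address. Useful for log
 * triage or a WAF rule; not a substitute for mac_is_valid(). */
bool has_shell_metachar(const char *s)
{
    return s != NULL && strpbrk(s, ";|&`$()<>\n\r'\"\\") != NULL;
}

/* The CWE-78 pattern: an untrusted parameter is pasted into a command
 * line that would later reach system() or popen(). Hypothetical command
 * name; this is NOT the vendor's code. Returns snprintf()'s count. */
int build_cmd_unchecked(char *out, size_t outlen, const char *mac)
{
    return snprintf(out, outlen, "meshagent set-mac %s", mac);
}

/* Hardened variant: validate against the allow-list first and refuse to
 * build a command from anything that is not a MAC address. Returns -1 on
 * rejection and leaves the output buffer empty. */
int build_cmd_checked(char *out, size_t outlen, const char *mac)
{
    if (!mac_is_valid(mac)) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return snprintf(out, outlen, "meshagent set-mac %s", mac);
}

int main(void)
{
    /* Constructed sample inputs: a legitimate MAC and a payload that
     * appends a second shell command, as an injection attempt would. */
    const char *good = "00:11:22:33:44:55";
    const char *bad  = "00:11:22:33:44:55;reboot";
    char cmd[128];

    build_cmd_unchecked(cmd, sizeof cmd, bad);
    printf("unchecked: %s\n", cmd);   /* ';reboot' survives into the command line */

    printf("checked(good) -> %d\n", build_cmd_checked(cmd, sizeof cmd, good));
    printf("checked(bad)  -> %d\n", build_cmd_checked(cmd, sizeof cmd, bad));
    printf("metachar(bad) -> %d\n", has_shell_metachar(bad));
    return 0;
}
```

The validator is an allow-list, not a deny-list: it accepts only the exact shape a MAC address can take, so it does not need to enumerate every character a shell treats specially. The metacharacter check is the opposite and is only meant for spotting attempts in traffic you already have, where false negatives are acceptable.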
Details
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command), CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
Affected Products
- TOTOLINK X18, firmware V9.1.0cu.2053_B20230309
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The bug is a command injection through a web parameter of the router's EasyMesh configuration handler, so an attacker reaching the web interface from the internet exploits a public-facing application (T1190), one already inside the network exploits a remote service (T1210), and in both cases the injected input is executed by the device's Unix shell (T1059.004).