PT-2026-21743 · Totolink+1 · Totolink X5000R+1

Published: 2025-12-18 · Updated: 2026-03-01 · CVE-2025-67445

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

TOTOLINK X5000R version 9.1.0cu.2415 B20250515

Description

The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT_LENGTH environment variable and passes it to malloc with insufficient bounds checking. When the lighttpd request size limit is not enforced, a crafted, large POST request can cause memory exhaustion or a segmentation fault, crashing the management CGI and making the web interface unavailable.

Recommendations

Apply a fix that enforces bounds checking on the CONTENT_LENGTH environment variable when allocating memory within the /cgi-bin/cstecgi.cgi component.
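A sketch of the bounds check the recommendation describes, written for a generic CGI program. It is an added example, not TOTOLINK's code or its patch; the function names and the 64 KiB cap (`MAX_BODY_BYTES`) are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES (64u * 1024u) /* assumed cap; size it to the device's RAM */

/* Parse a CONTENT_LENGTH value. Returns 0 and sets *out on success,
 * -1 if the value is missing, malformed, or larger than max. */
int parse_content_length(const char *value, size_t max, size_t *out)
{
    char *end = NULL;
    unsigned long long n;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;          /* unset, empty, signed, or leading whitespace */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > max)
        return -1;          /* overflow, trailing garbage, or above the cap */
    *out = (size_t)n;
    return 0;
}

/* Allocate and read the body only after the declared length is validated. */
char *read_body(FILE *in, const char *content_length, size_t *len_out)
{
    size_t len;
    char *buf;

    if (parse_content_length(content_length, MAX_BODY_BYTES, &len) != 0)
        return NULL;        /* refuse before any allocation happens */
    buf = malloc(len + 1);  /* len <= MAX_BODY_BYTES, so len + 1 cannot wrap */
    if (buf == NULL)
        return NULL;        /* never dereference a failed allocation */
    if (fread(buf, 1, len, in) != len) {
        free(buf);          /* client sent fewer bytes than it declared */
        return NULL;
    }
    buf[len] = '\0';
    *len_out = len;
    return buf;
}

int main(void)
{
    size_t len;
    char *body = read_body(stdin, getenv("CONTENT_LENGTH"), &len);
    if (body == NULL) { fputs("Status: 400 Bad Request\r\n\r\n", stdout); return 1; }
    free(body);
    return 0;
}
```

The cap in the CGI is a second line of defence; the lighttpd request size limit the description mentions should also be enforced so oversized requests are rejected before the CGI starts.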

Exploit

Fix

DoS

Buffer Overflow

Resource Exhaustion


Weakness Enumeration

Related identifiers

BDU:2026-04457
CVE-2025-67445

Affected products

Totolink X5000R
Lighttpd