PT-2025-23626 · Totolink · Totolink X2000R
Lcyf-Fizz · Published 2025-05-26 · Updated 2025-10-10 · CVE-2025-5504
CVSS v2.0: 6.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TOTOLINK X2000R version 1.0.0-B20230726.1108
Description
A critical issue exists in the TOTOLINK X2000R router caused by insufficient input validation when processing the peerRptPin parameter. A remote attacker can exploit it by sending specially crafted POST requests to the /boafrm/formWsc API endpoint; the flaw results in command injection and allows execution of arbitrary code on the device. An exploit has been publicly disclosed and may be used in attacks. The vendor was contacted regarding this disclosure but did not respond.
Recommendations
For TOTOLINK X2000R version 1.0.0-B20230726.1108 there is currently no information about a newer version that contains a fix for this vulnerability.
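Because no fixed firmware is listed, a compensating control is to check, on a reverse proxy or from gateway request logs, whether submissions to /boafrm/formWsc carry a peerRptPin value that does not look like a PIN at all. The script below is an added example and is not code from the advisory or from TOTOLINK. It assumes that a well-formed peerRptPin is a purely numeric WPS-style PIN of 4 or 8 digits (an assumption about the field, not something the advisory states); the request records it scans are constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory.
VULN_PATH = "/boafrm/formWsc"
PARAM = "peerRptPin"

# Assumption: a legitimate value is a numeric WPS-style PIN, 4 or 8 digits.
# Anything else (letters, shell metacharacters, empty) is treated as malformed.
PIN_RE = re.compile(r"(?:\d{4}|\d{8})")


def is_well_formed_pin(value: str) -> bool:
    """Allow-list check: only digit strings of length 4 or 8 pass."""
    return PIN_RE.fullmatch(value) is not None


def check_form_body(path: str, body: str) -> dict:
    """Classify one POST by path and URL-encoded body.

    Returns whether the request targets the affected endpoint and, if so,
    whether any peerRptPin value fails the allow-list.
    """
    if path != VULN_PATH:
        return {"relevant": False, "suspicious": False, "offending": []}
    fields = parse_qs(body, keep_blank_values=True)
    pins = fields.get(PARAM, [])
    offending = [p for p in pins if not is_well_formed_pin(p)]
    return {"relevant": True, "suspicious": bool(offending), "offending": offending}


# Constructed sample records (method, path, body) as a proxy might log them.
# The second record carries a URL-encoded ';' and letters in the PIN field,
# which a PIN never contains, so it should be flagged.
SAMPLE_REQUESTS = [
    ("POST", "/boafrm/formWsc", "peerRptPin=12345670&extra=1"),
    ("POST", "/boafrm/formWsc", "peerRptPin=1234%3Bx&extra=1"),
    ("POST", "/boafrm/formLogin", "username=admin&password=x"),
    ("GET", "/boafrm/formWsc", ""),
]


def scan(requests):
    """Return (path, offending values) for every suspicious POST."""
    alerts = []
    for method, path, body in requests:
        if method != "POST":
            continue
        verdict = check_form_body(path, body)
        if verdict["suspicious"]:
            alerts.append((path, verdict["offending"]))
    return alerts


if __name__ == "__main__":
    for path, values in scan(SAMPLE_REQUESTS):
        print(f"ALERT {path}: malformed {PARAM} value(s) {values!r}")
```

The same allow-list check can be placed in front of the device (for example as a proxy rule that rejects the request before it reaches the router) until a fixed firmware becomes available; the exact PIN format should be confirmed against the vendor's documentation before tightening the pattern further.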
Exploit
Special Elements Injection
Command Injection
Related Identifiers
Affected Products
Totolink X2000R