PT-2025-23626 · Totolink · Totolink X2000R

Lcyf-Fizz · Published 2025-05-26 · Updated 2025-10-10 · CVE-2025-5504

CVSS v2.0: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R version 1.0.0-B20230726.1108

Description: A critical issue exists in the TOTOLINK X2000R router caused by insufficient input validation when the peerRptPin parameter of the /boafrm/formWsc endpoint is processed. The parameter value reaches an operating-system command without being sanitized (command injection), so a remote attacker who can send a specially crafted POST request to /boafrm/formWsc can execute arbitrary commands on the device. The CVSS vector (Au:S) indicates that the request must be submitted with valid credentials. An exploit has been publicly disclosed and may be in use. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: For TOTOLINK X2000R version 1.0.0-B20230726.1108 there is, at the moment, no information about a newer firmware version that contains a fix for this vulnerability. Until one is available, the usual mitigation for a management-interface command injection applies: do not expose the router's web interface to the WAN, restrict it to trusted LAN hosts, and replace the default administrator password so that the authentication the vector requires is not trivially satisfied.
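The description above names the endpoint and the parameter but no detection logic. The following is an added example, not code from the advisory or from TOTOLINK: a small Python detector that classifies POST requests to /boafrm/formWsc by whether the peerRptPin value contains shell metacharacters or fails a strict PIN format, and runs it over constructed sample records. Three things are assumptions rather than facts from the advisory: the record format "client METHOD path body", that the injected value reaches a POSIX shell (the advisory says only "command injection"), and that a legitimate WPS peer PIN is exactly 4 or 8 decimal digits.

```python
"""Added example for CVE-2025-5504 (TOTOLINK X2000R, /boafrm/formWsc, peerRptPin):
flag POST requests whose peerRptPin value could break out of a shell command.
Not code from the advisory or from TOTOLINK; the log format, the
'value reaches a shell' assumption and the PIN format are assumptions."""
from urllib.parse import parse_qs

TARGET_PATH = "/boafrm/formWsc"   # endpoint named in the advisory
TARGET_PARAM = "peerRptPin"       # parameter named in the advisory

# Characters that terminate or nest a command in a POSIX shell. Assumption:
# the advisory says only "command injection", so any of these is treated as hostile.
SHELL_META = set(";|&`$(){}<>\\'\"\n\r")


def shell_metachars(value):
    """Return the shell metacharacters present in value, in order of appearance."""
    return [ch for ch in value if ch in SHELL_META]


def is_valid_pin(value):
    """Assumption: a legitimate WPS peer PIN is exactly 4 or 8 ASCII decimal digits."""
    return value.isascii() and value.isdigit() and len(value) in (4, 8)


def inspect_request(method, path, body):
    """Classify one request as 'ignore', 'ok' or 'suspicious', with a reason.
    body is the URL-encoded form payload; parse_qs percent-decodes it, so an
    encoded ';' (%3B) is caught the same way as a literal one."""
    if method != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return "ignore", "not a POST to the vulnerable endpoint"
    values = parse_qs(body, keep_blank_values=True).get(TARGET_PARAM, [])
    if not values:
        return "ok", f"{TARGET_PARAM} absent"
    for value in values:
        bad = shell_metachars(value)
        if bad:
            return "suspicious", f"shell metacharacters {bad!r} in {TARGET_PARAM}={value!r}"
        if not is_valid_pin(value):
            return "suspicious", f"{TARGET_PARAM}={value!r} is not a 4- or 8-digit PIN"
    return "ok", f"{TARGET_PARAM} looks like a WPS PIN"


# Constructed sample records in the assumed "client METHOD path body" format
# ('-' marks an empty body). Not real traffic; the second path is a placeholder.
SAMPLE_LOG = [
    "192.0.2.10 POST /boafrm/formWsc peerRptPin=12345670",
    "192.0.2.11 POST /boafrm/formWsc peerRptPin=1234%3Bid",
    "192.0.2.12 POST /boafrm/formWsc peerRptPin=%24(reboot)",
    "192.0.2.13 GET /wsc.htm -",
    "192.0.2.14 POST /boafrm/formExample username=admin",
]


def scan_log(lines):
    """Return [(client, reason)] for every suspicious request in the records."""
    hits = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 3:
            continue                      # malformed record, skip it
        client, method, path = parts[:3]
        body = parts[3] if len(parts) == 4 and parts[3] != "-" else ""
        verdict, reason = inspect_request(method, path, body)
        if verdict == "suspicious":
            hits.append((client, reason))
    return hits


if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG):
        print(f"{client}: {reason}")
```

The PIN-format check matters as much as the metacharacter list: an allow-list of what the parameter should contain catches encodings and characters the deny-list never anticipated, which is also the shape a proper fix in the firmware would take (validate the PIN, then never hand it to a shell).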

Exploit: publicly disclosed

Weakness Enumeration

Special Elements Injection
Command Injection

Related Identifiers

BDU:2025-06472
CVE-2025-5504

Affected Products

Totolink X2000R