CVE-2025-14586

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2089 B20211224

Description A flaw exists in TOTOLINK X5000R that allows for operating system command injection. This occurs due to the manipulation of the User argument within the snprintf function located in the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. Remote exploitation is possible. The exploit has been publicly disclosed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.