Skip to main content

X18 Firmware CVE-2025-61044

| EUVDEUVD-2025-32053 CRITICAL
Command Injection (CWE-77)
2025-10-01 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 13, 2026 - 18:18 euvd
EUVD-2025-32053
Analysis Generated
Mar 13, 2026 - 18:18 vuln.today
PoC Detected
Oct 16, 2025 - 20:15 vuln.today
Public exploit code
CVE Published
Oct 01, 2025 - 15:15 nvd
CRITICAL 9.8

DescriptionCVE.org

TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.

AnalysisAI

Command injection in TOTOLINK X18 via agentName in setEasyMeshAgentCfg. EPSS 2.7%. PoC available.

Technical ContextAI

CWE-77.

RemediationAI

Update firmware.

CVE-2025-61045 CRITICAL POC
9.8 Oct 01

Command injection in TOTOLINK X18 via mac parameter. EPSS 3.4%. PoC available.

CVE-2025-29209 CRITICAL POC
9.8 Apr 18

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub

CVE-2023-29803 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter i

CVE-2023-29802 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in

CVE-2023-29801 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogE

CVE-2023-29800 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parame

CVE-2023-29799 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parame

CVE-2023-29798 CRITICAL POC
9.8 Apr 14

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command paramet

CVE-2025-29064 CRITICAL
9.8 Apr 03

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54

CVE-2025-1829 MEDIUM POC
5.3 Mar 02

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability i

CVE-2024-10966 MEDIUM POC
5.3 Nov 07

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium s

CVE-2025-1340 HIGH
8.7 Feb 16

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated high severity (CVSS

Share

CVE-2025-61044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy