TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen (-). This allows remote authenticated attackers to inject arbitrary command-line options into the ping utility, potentially leading to a Denial of Service (DoS) by causing excessive resource consumption or prolonged execution.
The 'ip' parameter is retrieved by the websGetVar function and passed directly to the ping command via the CsteSystem function without verification that the input does not start with a hyphen (-). The lack of this validation (CWE-88) allows an attacker to pass arbitrary command-line options to the ping tool. This results in excessive consumption of system resources or prolonged command execution (CWE-400), leading to device unavailability.
A remotely authenticated attacker can cause a denial of service (DoS) by excessive consumption of system resources or forcing prolonged process execution on the device. As a result, the device may become unavailable to authorized users.
Apply patches available from the manufacturer according to the references. Until an update is released, it is recommended to restrict access to the device management interface to trusted hosts only and use strong, unique administrative passwords.
TOTOLINK X5000R with firmware version v9.1.0cu_2415_B20250515
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink X5000r
HWTotolinkwszystkie wersjeTotolink X5000r Firmware
OSTotolink9.1.0cu.2415_b20250515
Related vulnerabilities
Totolink X5000R: auth bypass umożliwiający nieautoryzowany dostęp root przez Telnet
Command injection w TOTOLINK X5000R — podatność RCE przez parametr 'port'
Buffer Overflow w TOTOLINK X5000R i A7000R — RCE przez pole IP
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a ...