TOTOLINK X5000R firmware version 9.1.0cu.2089_B20211224 contains a command injection vulnerability in the cstecgi.cgi CGI handler. The exportOvpn functionality improperly processes attacker-controlled request parameters and incorporates them into shell commands executed via system() without adequate input validation or sanitization. An authenticated attacker can supply crafted parameters to inject and execute arbitrary commands with the privileges of the web management service. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-06-11 (UTC).
Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.