CVE-2025-67445 | THREATINT

Description

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.

PUBLISHED Reserved 2025-12-08 | Published 2026-02-24 | Updated 2026-02-24 | Assigner mitre

References

totolink.com

github.com/DaRkSpOoOk/CVE-2025-67445

cve.org (CVE-2025-67445)

nvd.nist.gov (CVE-2025-67445)

Download JSON