Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK X5000R 安全漏洞
Vulnerability Description
TOTOLINK X5000R是中国吉翁电子(TOTOLINK)公司的一个路由器。 TOTOLINK X5000R V9.1.0cu.2415_B20250515版本存在安全漏洞,该漏洞源于/cgi-bin/cstecgi.cgi中CONTENT_LENGTH环境变量边界检查不足,可能导致内存耗尽或分段错误,进而导致管理CGI崩溃和Web界面可用性丧失。
CVSS Information
N/A
Vulnerability Type
N/A