CVE-2025-1829 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setMtknatCfg mtkhnatEnable os command injection

CVE-2025-1829 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi setMtknatCfg mtkhnatEnable os command injection

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. This vulnerability was named CVE-2025-1829. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.