CVE-2025-70327 · CRITICAL 9.8 · EPSS p48.1%


Description

TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen (-). This allows remote authenticated attackers to inject arbitrary command-line options into the ping utility, potentially leading to a Denial of Service (DoS) by causing excessive resource consumption or prolonged execution.
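A defensive check for the pattern described above, as an added example that is not TOTOLINK's firmware code and is not taken from the referenced report. The helper names `ping_target_ok` and `build_ping_argv` are hypothetical, and the policy (accept only IP literals or plain hostnames, then run a getopt-based ping from an argument vector instead of a shell string) is an assumption.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: returns 1 if `ip` is safe to hand to ping as a
 * destination, 0 otherwise. Assumed policy: IPv4/IPv6 literal, or a
 * hostname made of [A-Za-z0-9.-] labels that never start with '-'. */
int ping_target_ok(const char *ip)
{
    unsigned char buf[sizeof(struct in6_addr)];
    size_t len, i;

    if (ip == NULL)
        return 0;
    len = strlen(ip);
    if (len == 0 || len > 253)
        return 0;
    /* The check the description says is missing: a leading '-' makes
     * ping parse the value as an option instead of a destination. */
    if (ip[0] == '-')
        return 0;
    if (inet_pton(AF_INET, ip, buf) == 1 || inet_pton(AF_INET6, ip, buf) == 1)
        return 1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)ip[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;   /* rejects spaces and shell metacharacters too */
        if (c == '.' && (i == 0 || i + 1 == len || ip[i + 1] == '.' || ip[i + 1] == '-'))
            return 0;   /* empty label, or a label starting with '-' */
    }
    return 1;
}

/* Hypothetical helper: fills an argv for execv()/posix_spawn() so no shell
 * parses the value. Returns argc, or -1 if the target is rejected. */
int build_ping_argv(const char *ip, const char *argv[6])
{
    if (!ping_target_ok(ip))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = "--";     /* end of options for getopt-based ping */
    argv[4] = ip;
    argv[5] = NULL;
    return 5;
}
```

The `--` separator is a second layer: even if the validation were loosened later, a getopt-based ping would still treat the value as a destination rather than as an option.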

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.69% probability of exploitation · percentile 48.1% · 2026-06-18T12:00:27Z
Published: 2026-02-23
Last modified: 2026-02-26

Underlying weaknesses · 2

CWE-88, CWE-400

References

  1. https://github.com/neighborhood-H/0-DAY/blob/main/Toto-link/X5000R/SetDiagnosisCfg/report.md
  2. https://www.notion.so/TOTOLINK-X5000R-SetDiagnosisCfg-2d170566ca7f8098a0bcee9f2a15d40d?source=copy_link

Type | Target | Confidence | Tier
Weakness | Uncontrolled Resource Consumption (cwe-400) | 0% | live
Weakness | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (cwe-88) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-70329
CVE-2025-9934
CVE-2025-7524
CVE-2026-5101
CVE-2026-1149
CVE-2026-4611
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.