7.5

TOTOLINK X5000R web interface can crash from a large request

CVE-2025-67445
Summary

The TOTOLINK X5000R web interface can crash when it receives a very large request. A crafted large POST request to the router's web interface triggers the bug. To fix this, update to a newer firmware version when one is available, or configure the web server to limit the size of incoming requests.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| totolink | x5000r_firmware | 9.1.0cu.2415_b20250515 | – |
Original title
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (...
Original description
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-400 Uncontrolled Resource Consumption
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
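
The original description attributes the crash to an unbounded malloc(CONTENT_LENGTH + 1). The following is an added example, not TOTOLINK's code, of how a CGI can validate that variable before allocating. The function names and the 64 KiB cap (MAX_BODY_BYTES) are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES (64u * 1024u)  /* assumed cap, not from the advisory */

/* Validate a CONTENT_LENGTH string. Returns 0 and sets *out on success,
 * -1 if it is missing, non-numeric, signed, out of range, or above max. */
int parse_content_length(const char *s, size_t max, size_t *out)
{
    char *end = NULL;
    if (s == NULL || *s < '0' || *s > '9')  /* rejects "", "-1", "+5", " 7" */
        return -1;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > max)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Read exactly the declared body into a fresh NUL-terminated buffer.
 * Returns NULL on a rejected length, failed allocation, or short read. */
char *read_body(const char *content_length, FILE *in, size_t *len)
{
    size_t n;
    if (parse_content_length(content_length, MAX_BODY_BYTES, &n) != 0)
        return NULL;
    char *buf = malloc(n + 1);  /* n <= MAX_BODY_BYTES, so n + 1 cannot wrap */
    if (buf == NULL || fread(buf, 1, n, in) != n) {
        free(buf);              /* free(NULL) is a no-op */
        return NULL;
    }
    buf[n] = '\0';
    *len = n;
    return buf;
}

int main(void)
{
    size_t len = 0;
    char *body = read_body(getenv("CONTENT_LENGTH"), stdin, &len);
    if (body != NULL)
        printf("Content-Type: text/plain\r\n\r\naccepted %zu bytes\n", len);
    else
        fputs("Status: 400 Bad Request\r\n\r\n", stdout);
    free(body);
    return 0;
}
```

The check in the CGI is independent of the web server: it still holds when lighttpd's own request size limit is not enforced, which is the condition the description names.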