Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-67445. PoCs published by DaRkSpOoOk.
AI-analyzed exploit summary The repository contains a functional Python PoC that exploits a DoS vulnerability in TOTOLINK X5000R V9.1.0cu.2415 by sending oversized HTTP POST requests to the CGI endpoint, causing memory exhaustion and a segmentation fault. The exploit leverages the lack of request size enforcement in the Lighttpd configuration.
Description
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.
Exploits (1)
The repository contains a functional Python PoC that exploits a DoS vulnerability in TOTOLINK X5000R V9.1.0cu.2415 by sending oversized HTTP POST requests to the CGI endpoint, causing memory exhaustion and a segmentation fault. The exploit leverages the lack of request size enforcement in the Lighttpd configuration.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H