TOTOLINK X5000R Denial-of-Service Vulnerability in CGI Component

Vulnerability

A denial-of-service vulnerability has been identified in the TOTOLINK X5000R router, specifically in version V9.1.0cu.2415_B20250515. The issue resides within the web management interface, where the CGI script '/cgi-bin/cstecgi.cgi' fails to properly validate the 'CONTENT_LENGTH' environment variable. Because that value is taken directly from the request, the CGI allocates memory sized by an exaggerated, client-supplied length, leading to memory exhaustion or a segmentation fault. When the Lighttpd server's request size limit is not applied, an attacker can craft large POST requests that cause the management CGI to crash, disrupting the availability of the web interface.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the management CGI and a loss of availability of the web interface.

Reproduction

To reproduce this vulnerability, send a POST request with a large JSON body to '/cgi-bin/cstecgi.cgi', inflating a field such as 'token' to exceed safe request limits. The device will crash due to memory exhaustion.
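The root cause described above is a CGI that trusts CONTENT_LENGTH for its allocation size. The following C example is added here for illustration and is not TOTOLINK's code or the cstecgi.cgi source; it shows the unsafe pattern in a comment and a hardened replacement that parses the header strictly, caps it at an assumed limit (MAX_BODY_BYTES, 64 KiB, chosen for the example), checks the allocation, and treats a short read as an error instead of crashing. The names parse_content_length, read_body and simulate_request are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hard upper bound on a POST body this CGI will accept. The value is an
 * assumption for this example; a real limit should match the largest
 * legitimate request the management interface ever sends. */
#define MAX_BODY_BYTES (64u * 1024u)

enum cl_status { CL_OK = 0, CL_MISSING, CL_MALFORMED, CL_TOO_LARGE,
                 CL_SHORT_READ, CL_NO_MEMORY };

/* The unsafe pattern this example replaces (illustration, not compiled):
 *
 *   long n = atol(getenv("CONTENT_LENGTH"));   // client-controlled, unchecked
 *   char *body = malloc(n + 1);                 // huge or negative size; NULL never tested
 *   fread(body, 1, n, stdin);                   // writes through NULL -> SIGSEGV
 */

/* Parse CONTENT_LENGTH strictly: digits only, no sign, no trailing junk,
 * and never larger than MAX_BODY_BYTES. */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    if (value == NULL || *value == '\0')
        return CL_MISSING;
    /* strtoull silently accepts leading whitespace and a sign; reject them */
    if (value[0] < '0' || value[0] > '9')
        return CL_MALFORMED;

    errno = 0;
    char *end = NULL;
    unsigned long long n = strtoull(value, &end, 10);
    if (errno == ERANGE)
        return CL_TOO_LARGE;        /* overflowed unsigned long long */
    if (*end != '\0')
        return CL_MALFORMED;        /* e.g. "12abc" */
    if (n > MAX_BODY_BYTES)
        return CL_TOO_LARGE;

    *out = (size_t)n;
    return CL_OK;
}

/* Read the body only after its declared length has passed validation.
 * Returns a NUL-terminated heap buffer (caller frees) or NULL with *status set. */
char *read_body(FILE *in, const char *content_length, size_t *out_len,
                enum cl_status *status)
{
    size_t n = 0;
    *status = parse_content_length(content_length, &n);
    if (*status != CL_OK)
        return NULL;

    char *buf = malloc(n + 1);      /* n is bounded, so n + 1 cannot wrap */
    if (buf == NULL) {
        *status = CL_NO_MEMORY;
        return NULL;
    }
    size_t got = fread(buf, 1, n, in);
    if (got != n) {                 /* declared length exceeds what was sent */
        free(buf);
        *status = CL_SHORT_READ;
        return NULL;
    }
    buf[n] = '\0';
    *out_len = n;
    return buf;
}

/* Helper: feed a constructed body through read_body via a temporary file
 * so the logic can be exercised without a web server. */
enum cl_status simulate_request(const char *body, const char *declared_len)
{
    enum cl_status st = CL_NO_MEMORY;
    FILE *f = tmpfile();
    if (f == NULL)
        return st;
    fputs(body, f);
    rewind(f);
    size_t len = 0;
    char *got = read_body(f, declared_len, &len, &st);
    free(got);
    fclose(f);
    return st;
}

int main(void)
{
    size_t len = 0;
    enum cl_status st;
    char *body = read_body(stdin, getenv("CONTENT_LENGTH"), &len, &st);
    if (body == NULL) {
        /* Reject with a proper status instead of crashing the CGI. */
        printf("Status: %s\r\nContent-Type: text/plain\r\n\r\nrejected (code %d)\n",
               st == CL_TOO_LARGE ? "413 Payload Too Large" : "400 Bad Request",
               (int)st);
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nreceived %zu bytes\n", len);
    free(body);
    return 0;
}
```

The CGI-side check is the fix that matters, because a CGI cannot assume the front-end server has filtered anything. As defence in depth, Lighttpd's server.max-request-size directive (a size in kilobytes) lets the server reject oversized requests before they reach the CGI at all; the advisory notes that this limit was not applied on the affected firmware.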

Added: Feb 24, 2026, 3:32 PM
Updated: Feb 24, 2026, 10:27 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          2.5
  exploitability  6.2
  remediation     0.0
  relevance       3.1
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.