Totolink

X6000r Firmware

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-11005

  • EPSS 3.22%
  • Veröffentlicht 25.09.2025 21:15:31
  • Zuletzt bearbeitet 16.10.2025 15:45:04

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

8.8

CVE-2025-52907

  • EPSS 1.06%
  • Veröffentlicht 24.09.2025 18:15:38
  • Zuletzt bearbeitet 14.10.2025 19:44:48

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52906

  • EPSS 3.25%
  • Veröffentlicht 24.09.2025 18:15:37
  • Zuletzt bearbeitet 14.10.2025 19:45:06

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

7.5

CVE-2025-52905

  • EPSS 0.26%
  • Veröffentlicht 23.09.2025 18:15:33
  • Zuletzt bearbeitet 08.10.2025 18:06:28

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52053

Exploit
  • EPSS 68.76%
  • Veröffentlicht 15.09.2025 15:15:54
  • Zuletzt bearbeitet 20.09.2025 02:49:46

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted req...

6.5

CVE-2025-52284

Exploit
  • EPSS 27.31%
  • Veröffentlicht 29.07.2025 00:00:00
  • Zuletzt bearbeitet 15.09.2025 15:15:54

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

5.1

CVE-2025-25524

  • EPSS 0.05%
  • Veröffentlicht 11.02.2025 19:15:19
  • Zuletzt bearbeitet 29.04.2025 16:22:26

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the rem...

9.8

CVE-2024-52723

  • EPSS 0.23%
  • Veröffentlicht 22.11.2024 16:15:33
  • Zuletzt bearbeitet 13.03.2025 18:15:45

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

9.8

CVE-2024-7907

Exploit
  • EPSS 2.74%
  • Veröffentlicht 18.08.2024 16:15:04
  • Zuletzt bearbeitet 19.08.2024 18:53:05

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command in...

8.8

CVE-2024-2353

Exploit
  • EPSS 12.32%
  • Veröffentlicht 10.03.2024 08:15:05
  • Zuletzt bearbeitet 16.12.2024 22:57:06

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip l...