Totolink

X6000r Firmware

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-4611

  • EPSS -
  • Veröffentlicht 23.03.2026 21:13:27
  • Zuletzt bearbeitet 23.03.2026 22:16:31

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection....

8.8

CVE-2025-70328

Exploit
  • EPSS 2.94%
  • Veröffentlicht 23.02.2026 00:00:00
  • Zuletzt bearbeitet 26.02.2026 03:06:13

TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command throug...

9.8

CVE-2025-11005

  • EPSS 1.19%
  • Veröffentlicht 25.09.2025 21:15:31
  • Zuletzt bearbeitet 16.10.2025 15:45:04

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

8.8

CVE-2025-52907

  • EPSS 0.35%
  • Veröffentlicht 24.09.2025 18:15:38
  • Zuletzt bearbeitet 14.10.2025 19:44:48

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52906

  • EPSS 0.95%
  • Veröffentlicht 24.09.2025 18:15:37
  • Zuletzt bearbeitet 14.10.2025 19:45:06

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

7.5

CVE-2025-52905

  • EPSS 0.14%
  • Veröffentlicht 23.09.2025 18:15:33
  • Zuletzt bearbeitet 08.10.2025 18:06:28

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52053

Exploit
  • EPSS 66.09%
  • Veröffentlicht 15.09.2025 15:15:54
  • Zuletzt bearbeitet 20.09.2025 02:49:46

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted req...

6.5

CVE-2025-52284

Exploit
  • EPSS 27.18%
  • Veröffentlicht 29.07.2025 00:00:00
  • Zuletzt bearbeitet 15.09.2025 15:15:54

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

5.1

CVE-2025-25524

  • EPSS 0.18%
  • Veröffentlicht 11.02.2025 19:15:19
  • Zuletzt bearbeitet 29.04.2025 16:22:26

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the rem...

9.8

CVE-2024-52723

  • EPSS 0.23%
  • Veröffentlicht 22.11.2024 16:15:33
  • Zuletzt bearbeitet 13.03.2025 18:15:45

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.