Totolink

X6000r Firmware

52 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-52905

  • EPSS 0.16%
  • Published 23.09.2025 18:15:33
  • Last modified 08.10.2025 18:06:28

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52053

Exploit
  • EPSS 53.02%
  • Published 15.09.2025 15:15:54
  • Last modified 20.09.2025 02:49:46

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted req...

6.5

CVE-2025-52284

Exploit
  • EPSS 46.97%
  • Published 29.07.2025 00:00:00
  • Last modified 15.09.2025 15:15:54

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

5.1

CVE-2025-25524

  • EPSS 0.05%
  • Published 11.02.2025 19:15:19
  • Last modified 29.04.2025 16:22:26

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the rem...

9.8

CVE-2024-52723

  • EPSS 0.47%
  • Published 22.11.2024 16:15:33
  • Last modified 13.03.2025 18:15:45

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

9.8

CVE-2024-7907

Exploit
  • EPSS 2.04%
  • Published 18.08.2024 16:15:04
  • Last modified 19.08.2024 18:53:05

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command in...

8.8

CVE-2024-2353

Exploit
  • EPSS 12.32%
  • Published 10.03.2024 08:15:05
  • Last modified 16.12.2024 22:57:06

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip l...

9.8

CVE-2024-1781

Exploit
  • EPSS 4.28%
  • Published 23.02.2024 01:15:52
  • Last modified 01.04.2025 15:35:54

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injectio...

5.5

CVE-2024-1661

Exploit
  • EPSS 0.05%
  • Published 20.02.2024 13:15:08
  • Last modified 21.11.2024 08:51:01

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to laun...

9.8

CVE-2023-52040

Exploit
  • EPSS 0.1%
  • Published 24.01.2024 18:15:08
  • Last modified 21.11.2024 08:39:03

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.