Totolink

X6000r

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.2

CVE-2026-1723

  • EPSS 1.18%
  • Veröffentlicht 30.01.2026 20:52:09
  • Zuletzt bearbeitet 04.02.2026 16:34:21

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

9.8

CVE-2025-11005

  • EPSS 3.22%
  • Veröffentlicht 25.09.2025 21:15:31
  • Zuletzt bearbeitet 16.10.2025 15:45:04

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

8.8

CVE-2025-52907

  • EPSS 1.06%
  • Veröffentlicht 24.09.2025 18:15:38
  • Zuletzt bearbeitet 14.10.2025 19:44:48

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52906

  • EPSS 3.25%
  • Veröffentlicht 24.09.2025 18:15:37
  • Zuletzt bearbeitet 14.10.2025 19:45:06

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

7.5

CVE-2025-52905

  • EPSS 0.26%
  • Veröffentlicht 23.09.2025 18:15:33
  • Zuletzt bearbeitet 08.10.2025 18:06:28

Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

9.8

CVE-2025-52053

Exploit
  • EPSS 68.76%
  • Veröffentlicht 15.09.2025 15:15:54
  • Zuletzt bearbeitet 20.09.2025 02:49:46

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted req...

6.5

CVE-2025-52284

Exploit
  • EPSS 27.31%
  • Veröffentlicht 29.07.2025 00:00:00
  • Zuletzt bearbeitet 15.09.2025 15:15:54

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

5.1

CVE-2025-25524

  • EPSS 0.05%
  • Veröffentlicht 11.02.2025 19:15:19
  • Zuletzt bearbeitet 29.04.2025 16:22:26

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the rem...

9.8

CVE-2024-1781

Exploit
  • EPSS 15.68%
  • Veröffentlicht 23.02.2024 01:15:52
  • Zuletzt bearbeitet 01.04.2025 15:35:54

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injectio...