Totolink

X5000r Firmware

65 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-42737

Exploit
  • EPSS 5.3%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 13.08.2024 18:35:07

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42738

Exploit
  • EPSS 4.07%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 14.08.2024 16:35:16

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42739

Exploit
  • EPSS 4.07%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 14.08.2024 15:35:13

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42748

Exploit
  • EPSS 4.87%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:08:53

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42747

Exploit
  • EPSS 1.5%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:35:04

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42745

Exploit
  • EPSS 4.87%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:09:44

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42744

Exploit
  • EPSS 3.74%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 15.08.2024 15:35:14

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42743

Exploit
  • EPSS 4.05%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 19:35:12

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42742

Exploit
  • EPSS 4.05%
  • Veröffentlicht 12.08.2024 20:15:08
  • Zuletzt bearbeitet 13.08.2024 20:35:14

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42741

Exploit
  • EPSS 3.07%
  • Veröffentlicht 12.08.2024 20:15:08
  • Zuletzt bearbeitet 13.08.2024 17:35:02

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.