Totolink

X5000r Firmware

65 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-9934

Exploit
  • EPSS 2.81%
  • Published 03.09.2025 22:32:13
  • Last modified 29.09.2025 18:34:55

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is...

6.5

CVE-2025-25605

Exploit
  • EPSS 9.18%
  • Published 21.02.2025 19:15:14
  • Last modified 04.04.2025 15:29:44

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.

6.5

CVE-2025-25604

Exploit
  • EPSS 9.18%
  • Published 21.02.2025 19:15:14
  • Last modified 04.04.2025 15:30:47

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.

6.8

CVE-2024-57025

Exploit
  • EPSS 2.95%
  • Published 15.01.2025 17:15:18
  • Last modified 07.04.2025 18:08:31

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.

6.8

CVE-2024-57024

Exploit
  • EPSS 2.95%
  • Published 15.01.2025 17:15:18
  • Last modified 07.04.2025 18:10:29

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.

6.8

CVE-2024-57023

Exploit
  • EPSS 2.95%
  • Published 15.01.2025 17:15:18
  • Last modified 07.04.2025 18:14:48

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.

8.8

CVE-2024-57022

Exploit
  • EPSS 5.86%
  • Published 15.01.2025 17:15:18
  • Last modified 19.03.2025 14:15:38

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.

8.8

CVE-2024-57013

Exploit
  • EPSS 5.86%
  • Published 15.01.2025 17:15:17
  • Last modified 13.03.2025 15:15:49

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.

8.8

CVE-2024-57011

Exploit
  • EPSS 1.91%
  • Published 15.01.2025 17:15:17
  • Last modified 17.03.2025 17:15:34

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.

8.8

CVE-2024-57012

Exploit
  • EPSS 5.86%
  • Published 15.01.2025 17:15:17
  • Last modified 14.03.2025 16:15:37

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.