Totolink

X5000r Firmware

67 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2024-42740

Exploit
  • EPSS 0.46%
  • Veröffentlicht 13.08.2024 14:15:14
  • Zuletzt bearbeitet 04.04.2025 14:35:41

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42737

Exploit
  • EPSS 7.02%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 13.08.2024 18:35:07

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

7.8

CVE-2024-42736

Exploit
  • EPSS 0.96%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 04.04.2025 14:35:31

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42738

Exploit
  • EPSS 5.43%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 14.08.2024 16:35:16

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42739

Exploit
  • EPSS 5.43%
  • Veröffentlicht 13.08.2024 14:15:13
  • Zuletzt bearbeitet 14.08.2024 15:35:13

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42748

Exploit
  • EPSS 6.47%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:08:53

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42747

Exploit
  • EPSS 2.02%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:35:04

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42745

Exploit
  • EPSS 6.47%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 17:09:44

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42744

Exploit
  • EPSS 4.99%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 15.08.2024 15:35:14

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8

CVE-2024-42743

Exploit
  • EPSS 5.4%
  • Veröffentlicht 12.08.2024 20:15:09
  • Zuletzt bearbeitet 13.08.2024 19:35:12

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.