CVE-2026-15204
- EPSS -
- Veröffentlicht 09.07.2026 17:45:10
- Zuletzt bearbeitet 09.07.2026 19:03:47
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in...
CVE-2026-8137
- EPSS 0.46%
- Veröffentlicht 08.05.2026 04:00:13
- Zuletzt bearbeitet 08.05.2026 15:45:49
A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the...
CVE-2025-67445
- EPSS 0.33%
- Veröffentlicht 24.02.2026 00:00:00
- Zuletzt bearbeitet 05.07.2026 02:17:35
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checkin...
- EPSS 3.18%
- Veröffentlicht 23.02.2026 00:00:00
- Zuletzt bearbeitet 24.02.2026 20:38:09
TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the ...
CVE-2025-70327
- EPSS 0.69%
- Veröffentlicht 23.02.2026 00:00:00
- Zuletzt bearbeitet 26.02.2026 03:06:04
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem wit...
CVE-2025-14586
- EPSS 2.46%
- Veröffentlicht 13.12.2025 06:32:10
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection...
CVE-2025-13184
- EPSS 11.17%
- Veröffentlicht 10.12.2025 12:34:54
- Zuletzt bearbeitet 19.12.2025 19:27:20
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementat...
CVE-2025-9934
- EPSS 3.74%
- Veröffentlicht 03.09.2025 22:32:13
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is...
CVE-2025-25604
- EPSS 0.83%
- Veröffentlicht 21.02.2025 19:15:14
- Zuletzt bearbeitet 04.04.2025 15:30:47
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVE-2025-25605
- EPSS 0.74%
- Veröffentlicht 21.02.2025 19:15:14
- Zuletzt bearbeitet 04.04.2025 15:29:44
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.