Note:
This project will be discontinued after December 13, 2021. [more]
Product:
X5000r_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-15 | CVE-2024-57013 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. | X5000r_firmware | 8.8 | ||
| 2025-01-15 | CVE-2024-57017 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. | X5000r_firmware | 8.8 | ||
| 2025-01-15 | CVE-2024-57018 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. | X5000r_firmware | 8.8 | ||
| 2025-01-15 | CVE-2024-57016 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. | X5000r_firmware | 8.8 | ||
| 2023-05-05 | CVE-2023-30013 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | X5000r_firmware | 9.8 | ||
| 2023-05-31 | CVE-2023-33485 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. | X5000r_firmware | 8.8 | ||
| 2023-05-31 | CVE-2023-33487 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | X5000r_firmware | 9.8 | ||
| 2023-05-31 | CVE-2023-33486 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | X5000r_firmware | 9.8 | ||
| 2023-06-06 | CVE-2023-31569 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | X5000r_firmware | 9.8 | ||
| 2024-02-17 | CVE-2024-25468 | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | X5000r_firmware | 7.5 |