Note:
This project will be discontinued after December 13, 2021. [more]
Product:
X6000r_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-02-11 | CVE-2025-25524 | Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | X6000r_firmware | N/A | ||
| 2024-11-22 | CVE-2024-52723 | In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | X6000r_firmware | 9.8 | ||
| 2024-03-10 | CVE-2024-2353 | A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this... | X6000r_firmware | 8.8 | ||
| 2023-10-25 | CVE-2023-46408 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46410 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46411 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46412 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46413 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46414 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function. | X6000r_firmware | 9.8 |