Note:
This project will be discontinued after December 13, 2021. [more]
Product:
X6000r_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-16 | CVE-2023-52041 | An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | X6000r_firmware | 9.8 | ||
| 2023-11-30 | CVE-2023-48802 | In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | X6000r_firmware | 9.8 | ||
| 2024-01-24 | CVE-2023-52038 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | X6000r_firmware | 9.8 | ||
| 2024-01-24 | CVE-2023-52039 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | X6000r_firmware | 9.8 | ||
| 2025-02-11 | CVE-2025-25524 | Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | X6000r_firmware | N/A | ||
| 2024-11-22 | CVE-2024-52723 | In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | X6000r_firmware | 9.8 | ||
| 2024-03-10 | CVE-2024-2353 | A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this... | X6000r_firmware | 8.8 | ||
| 2023-10-25 | CVE-2023-46408 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | X6000r_firmware | 9.8 | ||
| 2023-10-25 | CVE-2023-46410 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function. | X6000r_firmware | 9.8 |