11 matches found
EUVD-2025-4474
Malicious code in bioql PyPI...
The vulnerability of the apcli_cancel_wps() function (/usr/lib/lua/luci/controller/mtkwifi.lua) in the TOTOLINK A6000R router software allows an attacker to execute arbitrary commands or cause service interruptions.
The vulnerability of the apcli_cancel_wps function (/usr/lib/lua/luci/controller/mtkwifi.lua) of the TOTOLINK A6000R router’s software is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to...
CVE-2025-3249
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...
CVE-2025-3249
CVE-2025-3249 affects TOTOLINK A6000R 1.0.1-B20201211.2000. The issue is in the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua, enabling remote command injection. Several sources confirm this vulnerability with public disclosure and potential exploitation.
The vulnerability of the apcli_wps_gen_pincode() function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the apcli_wps_gen_pincode function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software is related to the lack of measures taken to secure input data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua...
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua...
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua...
CVE-2025-25604
Totolink X5000R with firmware 9.1.0u.6369_B20230113 is affected by a command-injection vulnerability in the vif_disable function of mtkwifi.lua. The issue, observable as CVE-2025-25604, comes from the vif_disable code path and could impact confidentiality and integrity (per CVSS 3.1: Confidential...
CVE-2025-25605
Totolink X5000R running 9.1.0u.6369_B20230113 is affected by a command-injection in mtkwifi.lua’s apcli_wps_gen_pincode function. Root cause: input handling in that Lua function allows arbitrary command execution. Impact: network-accessible, authenticated? The CVSS shows network attack, no user i...
PT-2025-7559 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0u.6369_B20230113. Description: The issue concerns a command injection vulnerability via the vif_disable function in mtkwifi.lua. Recommendations: For Totolink X5000R version 9.1.0u.6369_B20230113, as a temporary...