456 matches found
CVE-2025-9577 TOTOLINK X2000R Administrative shadow.sample default credentials
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...
CVE-2025-9577 TOTOLINK X2000R Administrative shadow.sample default credentials
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...
CVE-2025-9577
TOTOLINK X2000R (firmware up to 2.0.0) contains a vulnerability in the Administrative Interface where an unknown function in /etc/shadow.sample can lead to default credential usage. Local access is required; exploitation is described as difficult, but the exploit has been released publicly and ma...
TOTOLINK X2000R 安全漏洞
TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R suffers from a Use Default Credentials vulnerability, which originates from an unknown functi...
PT-2025-37324
Name of the Vulnerable Software and Affected Versions: TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh version 2.0.0 Description: An issue allows a remote attacker to execute arbitrary code via the default password. Recommendations: Change the default password...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
CVE-2025-8181 TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
CVE-2025-8181
The CVE-2025-8181 issue affects TOTOLINK N600R and X2000R (version 1.0.0.1) in the FTP Service component, specifically the vsftpd.conf file. The vulnerability is described as a remote, least-privilege violation that arises from manipulating vsftpd.conf, with high-severity classifications reported...
CVE-2025-8181 TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
PT-2025-30966 · Totolink · Totolink N600R +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 1.0.0.1 TOTOLINK X2000R version 1.0.0.1 Description: A critical vulnerability exists in the FTP Service component of the affected products. The issue is related to the manipulation of the vsftpd.conf file, leading to a...
TOTOLINK X2000R peerRptPin parameter command injection vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from the parameter peerRptPin failing to correctly filter constructed command special characters, commands, and so on. No details of the...
TOTOLINK X2000R Device Name Parameter Cross-Site Scripting Vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK X2000R, which stems from the lack of effective filtering and escaping of user-supplied data by the Device Name parameter in the component Parent Controls Page,...
X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.
The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...
TOTOLINK X2000R service_type parameter cross-site scripting vulnerability
The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter servicetype in the file /boafrm/formPortFw. No...
TOTOLINK X2000R devicemac1 Command Injection Vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter devicemac1, no details of the vulnerability are provided at this time...
The vulnerability of the built-in server boa (/boafrm/formWsc) of the TOTOLINK X2000R router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the built-in server boa /boafrm/formWsc of the TOTOLINK X2000R router microprogramming system is related to the lack of measures to sanitize input data during the processing of the peerRptPin parameter. Exploiting this vulnerability allows a remote attacker to execute arbitra...
CVE-2025-5543
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be...
CVE-2025-5542
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument servicetype leads to cross site scripting. It is possible...
CVE-2025-5516
A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to...