Lucene search
K

456 matches found

Cvelist
Cvelist
added 2025/08/28 6:32 p.m.17 views

CVE-2025-9577 TOTOLINK X2000R Administrative shadow.sample default credentials

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

2.5CVSS0.00193EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/08/28 6:32 p.m.4 views

CVE-2025-9577 TOTOLINK X2000R Administrative shadow.sample default credentials

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

2.5CVSS3.8AI score0.00193EPSS
Exploits1References6
CVE
CVE
added 2025/08/28 6:32 p.m.21 views

CVE-2025-9577

TOTOLINK X2000R (firmware up to 2.0.0) contains a vulnerability in the Administrative Interface where an unknown function in /etc/shadow.sample can lead to default credential usage. Local access is required; exploitation is described as difficult, but the exploit has been released publicly and ma...

7CVSS3.8AI score0.00193EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

TOTOLINK X2000R 安全漏洞

TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R suffers from a Use Default Credentials vulnerability, which originates from an unknown functi...

7CVSS6.8AI score0.00193EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/10 12:0 a.m.5 views

PT-2025-37324

Name of the Vulnerable Software and Affected Versions: TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh version 2.0.0 Description: An issue allows a remote attacker to execute arbitrary code via the default password. Recommendations: Change the default password...

9CVSS7.5AI score0.00554EPSS
Exploits1References7
OSV
OSV
added 2025/07/26 7:15 a.m.4 views

CVE-2025-8181

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

8.6CVSS5.4AI score0.00905EPSS
Exploits1References6
NVD
NVD
added 2025/07/26 7:15 a.m.17 views

CVE-2025-8181

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

8.6CVSS0.00905EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/07/26 7:2 a.m.4 views

CVE-2025-8181 TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

8.6CVSS7AI score0.00905EPSS
Exploits1References6
CVE
CVE
added 2025/07/26 7:2 a.m.21 views

CVE-2025-8181

The CVE-2025-8181 issue affects TOTOLINK N600R and X2000R (version 1.0.0.1) in the FTP Service component, specifically the vsftpd.conf file. The vulnerability is described as a remote, least-privilege violation that arises from manipulating vsftpd.conf, with high-severity classifications reported...

8.6CVSS7AI score0.00905EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/07/26 7:2 a.m.31 views

CVE-2025-8181 TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

8.6CVSS0.00905EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.7 views

PT-2025-30966 · Totolink · Totolink N600R +1

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 1.0.0.1 TOTOLINK X2000R version 1.0.0.1 Description: A critical vulnerability exists in the FTP Service component of the affected products. The issue is related to the manipulation of the vsftpd.conf file, leading to a...

9CVSS6.8AI score0.00905EPSS
Exploits1References12
CNVD
CNVD
added 2025/06/11 12:0 a.m.12 views

TOTOLINK X2000R peerRptPin parameter command injection vulnerability

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from the parameter peerRptPin failing to correctly filter constructed command special characters, commands, and so on. No details of the...

6.5CVSS7.5AI score0.15041EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/11 12:0 a.m.2 views

TOTOLINK X2000R Device Name Parameter Cross-Site Scripting Vulnerability

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK X2000R, which stems from the lack of effective filtering and escaping of user-supplied data by the Device Name parameter in the component Parent Controls Page,...

4.8CVSS6.4AI score0.00279EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/11 12:0 a.m.5 views

X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.

The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...

4.8CVSS6.6AI score0.00299EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/11 12:0 a.m.3 views

TOTOLINK X2000R service_type parameter cross-site scripting vulnerability

The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter servicetype in the file /boafrm/formPortFw. No...

4.8CVSS6.4AI score0.00277EPSS
Exploits1References1
CNVD
CNVD
added 2025/06/10 12:0 a.m.2 views

TOTOLINK X2000R devicemac1 Command Injection Vulnerability

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter devicemac1, no details of the vulnerability are provided at this time...

6.5CVSS7.7AI score0.04531EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/06/06 12:0 a.m.10 views

The vulnerability of the built-in server boa (/boafrm/formWsc) of the TOTOLINK X2000R router’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the built-in server boa /boafrm/formWsc of the TOTOLINK X2000R router microprogramming system is related to the lack of measures to sanitize input data during the processing of the peerRptPin parameter. Exploiting this vulnerability allows a remote attacker to execute arbitra...

6.5CVSS7.1AI score0.15041EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/05 11:14 p.m.22 views

CVE-2025-5543

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be...

4.8CVSS6.2AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/05 10:19 p.m.24 views

CVE-2025-5542

A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument servicetype leads to cross site scripting. It is possible...

4.8CVSS6.2AI score0.00277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/05 6:5 p.m.12 views

CVE-2025-5516

A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to...

4.8CVSS6AI score0.00299EPSS
Exploits1References1
Rows per page
Query Builder