CVE-2024-41314

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vifdisable function...

CVE-2024-41318

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...

CVE-2024-41315

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...

CVE-2024-41319

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function...

CVE-2024-41320

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the getapcliconninfo function...

EUVD-2024-53543

Malicious code in bioql PyPI...

EUVD-2024-53542

Malicious code in bioql PyPI...

EUVD-2024-53544

Malicious code in bioql PyPI...

EUVD-2024-53541

Malicious code in bioql PyPI...

EUVD-2025-9759

Malicious code in bioql PyPI...

CVE-2024-37626

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vifenable function...

CVE-2024-57214

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the resetwifi function...

CVE-2024-57212

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the actionreboot function...

CVE-2024-57213

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the actionpasswd function...

CVE-2024-57211

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enablewsh function...

CVE-2024-41316

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclicancelwps function...

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

TOTOLINK A6000R Command Injection Vulnerability

The TOTOLINK A6000R is a high performance wireless router. A command injection vulnerability exists in TOTOLINK A6000R. The vulnerability stems from the mishandling of the apclicancelwps function, and no detailed vulnerability details are provided at this time...

The vulnerability of the apcli Cancel_wps() function (/usr/lib/lua/luci/controller/mtkwifi.lua) in the TOTOLINK A6000R router software allows a attacker to execute arbitrary commands or cause service interruptions.

The vulnerability of the apcliCancelwps function /usr/lib/lua/luci/controller/mtkwifi.lua of the TOTOLINK A6000R router’s software is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to...

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apclicancelwps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...