4 matches found
TOTOLINK X5000R sMinute Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sMinute" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
TOTOLINK X5000R week parameter command injection vulnerability in setWiFiScheduleCfg function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
PT-2025-3390 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the desc parameter in the setWiFiScheduleCfg function. Recommendations: For...
PT-2025-3388 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability occurs via the week parameter in the setWiFiScheduleCfg function. Recommendations: For TOTOLINK X500...