165 matches found
CVE-2026-4611
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
EUVD-2026-14603
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2026-4611 TOTOLINK X6000R shttpd setLanCfg privilege escalation
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2026-4611 TOTOLINK X6000R shttpd setLanCfg privilege escalation
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2026-4611
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2026-4611
TOTOLINK X6000R firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826 are affected. The vulnerability resides in the shttpd binary (/usr/sbin/shttpd) within the setLanCfg function, where manipulating the Hostname argument can trigger an OS command injection. The issue can be exploit...
PT-2026-27220
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
CVE-2025-70328
Summary (CVE-2025-70328) TOTOLINK X6000R is affected by an OS command injection in the NTPSyncWithHost handler of /usr/sbin/shttpd balloted at v9.4.0cu.1498_B20250826. The vulnerability arises from how the host_time parameter is obtained via sub_40C404 and handed to a shell command (date -s) thro...
EUVD-2013-0359
Malware in sbrugna...
EUVD-2007-3525
Malware in sbrugna...
EUVD-2023-56720
Malicious code in bioql PyPI...
EUVD-2023-52833
Malicious code in bioql PyPI...
EUVD-2023-52832
Malicious code in bioql PyPI...
EUVD-2023-52841
Malicious code in bioql PyPI...
EUVD-2023-52843
Malicious code in bioql PyPI...
EUVD-2024-17506
Malicious code in bioql PyPI...
EUVD-2023-52837
Malicious code in bioql PyPI...
EUVD-2023-52838
Malicious code in bioql PyPI...