13 matches found

CVE
added 2026/03/23 9:13 p.m. · 7 views

CVE-2026-4611

TOTOLINK X6000R firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826 are affected. The vulnerability resides in the shttpd binary (/usr/sbin/shttpd) within the setLanCfg function, where manipulating the Hostname argument can trigger an OS command injection. The issue can be exploit...

8.8 CVSS · 6.8 AI score · 0.01381 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2026/03/23 9:13 p.m. · 3 views

CVE-2026-4611 TOTOLINK X6000R shttpd setLanCfg privilege escalation

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to OS command injection. The attack may be launched remotely...

8.6 CVSS · 6.8 AI score · 0.01381 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2013-0359

Malware in sbrugna...

2.1 CVSS · 6.4 AI score · 0.00037 EPSS
Exploits 0 · References 8
RedhatCVE
added 2025/05/23 6:42 a.m. · 4 views

CVE-2024-52723

In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...

9.8 CVSS · 7.3 AI score · 0.00313 EPSS
Exploits 0 · References 1
OSV
added 2023/11/30 6:15 p.m. · 1 views

CVE-2023-48808

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
OSV
added 2023/11/30 6:15 p.m. · 2 views

CVE-2023-48812

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score · 0.00349 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/11/30 6:15 p.m. · 1 views

CVE-2023-48808

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 7.5 AI score · 0.00349 EPSS
Exploits 1 · References 2
OSV
added 2023/11/30 6:15 p.m. · 2 views

CVE-2023-48811

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 7.4 AI score
Exploits 0 · References 1
OSV
added 2023/11/30 6:15 p.m. · 0 views

CVE-2023-48807

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
ATTACKERKB
added 2023/11/30 6:15 p.m. · 1 views

CVE-2023-48803

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 7.5 AI score · 0.00349 EPSS
Exploits 1 · References 2
CNNVD
added 2023/11/30 12:0 a.m. · 1 views

TOTOLINK X6000R Security Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R shttpd sub4119A0, which can be exploited by a remote attacker to submit a special request that can be used in an application context to execute arbitrary commands...

9.8 CVSS · 7.3 AI score · 0.00349 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/11/30 12:0 a.m. · 1 views

PT-2023-7631 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version V9.4.0cu.852 B20230719 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands. The sub 4119...

9.8 CVSS · 9.6 AI score · 0.00349 EPSS
Exploits 1 · References 7
Positive Technologies
added 2023/11/30 12:0 a.m. · 1 views

PT-2023-7636 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...

9.8 CVSS · 9.6 AI score · 0.00349 EPSS
Exploits 1 · References 7