
13 matches found

CVE
added 2025/09/28 6:32 a.m. · 9 views

CVE-2025-11100

CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...

8.8 CVSS · 6.8 AI score · 0.00212 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2025/09/28 6:32 a.m. · 8 views

CVE-2025-11100 D-Link DIR-823X set_wifi_blacklists uci_set command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5 CVSS · 0.00212 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 4:23 a.m. · 3 views

CVE-2023-48807

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 7.1 AI score · 0.00349 EPSS
Exploits 1
OSV
added 2024/11/22 4:15 p.m. · 0 views

CVE-2024-52723

In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...

9.8 CVSS · 6 AI score · 0.00313 EPSS
Exploits 0 · References 2
CNNVD
added 2024/11/22 12:0 a.m. · 1 views

TOTOLINK X6000R Security Vulnerability

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R, which stems from a failure to strictly filter the parameters of the UciSet Str function, and can be exploited by an attacker to execute arbitrary commands by...

9.8 CVSS · 7.5 AI score · 0.00313 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/11/22 12:0 a.m. · 2 views

PT-2024-35418 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.1041 B20240224 Description: The issue arises from the use of the Uci Set function without strict parameter filtering in the shttpd file. This allows an attacker to achieve arbitrary command execution by...

9.8 CVSS · 7.7 AI score · 0.00313 EPSS
Exploits 0 · References 4
NVD
added 2023/11/30 6:15 p.m. · 13 views

CVE-2023-48802

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 0.00349 EPSS
Exploits 1 · References 1
OSV
added 2023/11/30 6:15 p.m. · 0 views

CVE-2023-48805

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
OSV
added 2023/11/30 6:15 p.m. · 1 views

CVE-2023-48802

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
OSV
added 2023/11/30 6:15 p.m. · 1 views

CVE-2023-48803

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
Prion
added 2023/11/30 6:15 p.m. · 15 views

Command injection

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

7.5 CVSS · 7.4 AI score · 0.00349 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/11/30 12:0 a.m. · 3 views

PT-2023-7438 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue is related to the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...

9.8 CVSS · 9.6 AI score · 0.00349 EPSS
Exploits 1 · References 8
Positive Technologies
added 2023/11/30 12:0 a.m. · 1 views

PT-2023-7636 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...

9.8 CVSS · 9.6 AI score · 0.00349 EPSS
Exploits 1 · References 7