TOTOLINK X6000R security vulnerabilities
TOTOLINK X6000R is a wireless router produced by TOTOLINK, a Chinese company. Versions of TOTOLINK X6000R such as V9.4.0cu.1498B20250826 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper neutralization of special elements, which could lead to OS command...
EUVD-2023-50698
Malicious code in bioql PyPI...
EUVD-2023-50636
Malicious code in bioql PyPI...
CVE-2025-11005
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458B20250708...
PT-2025-39310
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R versions through V9.4.0cu.1360 B20241207. Description: A flaw exists in TOTOLINK X6000R that allows for OS Command Injection. This occurs due to improper neutralization of special elements used in an OS command. An attacker could...
PT-2025-39196
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R versions through V9.4.0cu.1360 B20241207. Description: An improper input validation issue exists in TOTOLINK X6000R, potentially allowing for flooding attacks. The issue affects the device due to insufficient validation of input...
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...
Design/Logic Flaw
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415C80 function...
CVE-2023-52040
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub41284C function...
TOTOLINK X6000R Security Breach
The TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R version v9.4.0cu.852B20230719, which stems from a command injection vulnerability in the sub41284C method...
CVE-2023-52038
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415C80 function...
CVE-2023-52041
An issue discovered in TOTOLINK X6000R V9.4.0cu.852B20230719 allows attackers to run arbitrary code via the sub410118 function of the shttpd program...
CVE-2023-52041
The CVE-2023-52041 entry affects TOTOLINK X6000R (firmware V9.4.0cu.852_B20230719). Technical details from connected sources indicate the root cause is in the shttpd component, specifically the sub_410118 function, which can be abused to execute arbitrary code remotely (attack vector: network). I...
CVE-2023-50651
TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi...
CVE-2023-48799
TOTOLINK-X6000R Firmware-V9.4.0cu.852B20230719 is vulnerable to Command Execution...
CVE-2023-48800
In TOTOLINK X6000R Firmware V9.4.0cu.852B20230719, the shttpd file sub417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...
CVE-2023-43453
An issue in TOTOLINK X6000R V9.4.0cu.652B20230116 and V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component...