Lucene search

K
TotolinkA6000r Firmware

13 matches found

CVE
CVE
added 2025/04/04 2:15 p.m.53 views

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...

9.8CVSS6.9AI score0.00652EPSS
CVE
CVE
added 2024/07/23 3:15 p.m.50 views

CVE-2024-41319

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.

9.8CVSS8AI score0.43982EPSS
Web
CVE
CVE
added 2024/07/22 2:15 p.m.42 views

CVE-2024-41316

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

9.8CVSS7.8AI score0.01743EPSS
CVE
CVE
added 2024/07/22 2:15 p.m.41 views

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

8CVSS7.8AI score0.0045EPSS
CVE
CVE
added 2025/01/10 5:15 p.m.41 views

CVE-2024-57214

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

6.3CVSS8.2AI score0.02523EPSS
CVE
CVE
added 2024/07/22 2:15 p.m.40 views

CVE-2024-41318

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

9.8CVSS7.8AI score0.01743EPSS
CVE
CVE
added 2025/01/10 5:15 p.m.40 views

CVE-2024-57213

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.

6.3CVSS8.2AI score0.02523EPSS
CVE
CVE
added 2024/07/22 2:15 p.m.39 views

CVE-2024-41314

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

6.8CVSS7.8AI score0.00172EPSS
CVE
CVE
added 2025/01/10 5:15 p.m.39 views

CVE-2024-57211

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.

8CVSS8.2AI score0.0208EPSS
CVE
CVE
added 2025/01/10 5:15 p.m.39 views

CVE-2024-57212

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.

5.1CVSS8.2AI score0.02325EPSS
CVE
CVE
added 2024/06/20 5:15 p.m.36 views

CVE-2024-37626

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.

8.8CVSS8.4AI score0.01689EPSS
CVE
CVE
added 2024/07/22 2:15 p.m.32 views

CVE-2024-41320

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.

8.8CVSS7.7AI score0.00455EPSS
CVE
CVE
added 2024/07/22 2:15 p.m.31 views

CVE-2024-41315

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

6.8CVSS7.8AI score0.00172EPSS