X5000r Security Vulnerabilities and Issues — X5000r CVE List

Lucene search

TotolinkX5000r

6 matches found

CVE•added 2024/05/14 4:17 p.m.•62 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

8.8CVSS7.5AI score0.04621EPSS

CVE•added 2024/08/13 2:15 p.m.•57 views

CVE-2024-42739

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS8.1AI score0.12763EPSS

CVE•added 2024/08/12 8:15 p.m.•49 views

CVE-2024-42745

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

9.8CVSS7.7AI score0.16059EPSS

CVE•added 2023/08/21 2:15 a.m.•44 views

CVE-2023-39618

TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.

9.8CVSS9.8AI score0.08385EPSS

CVE•added 2024/05/14 4:17 p.m.•44 views

CVE-2024-32353

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

9.8CVSS7.9AI score0.04607EPSS

CVE•added 2023/08/21 2:15 a.m.•42 views

CVE-2023-39617

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

9.8CVSS9.8AI score0.08385EPSS