X5000r Firmware Security Vulnerabilities and Issues — Page 2 of X5000r Firmware CVE List

Lucene search

TotolinkX5000r Firmware

64 matches found

CVE•added 2024/08/13 2:15 p.m.•46 views

CVE-2024-42740

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

6.8CVSS7.8AI score0.02183EPSS

CVE•added 2024/08/12 8:15 p.m.•46 views

CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS7.7AI score0.12763EPSS

CVE•added 2023/06/06 2:15 p.m.•45 views

CVE-2023-31569

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.

9.8CVSS9.7AI score0.05158EPSS

CVE•added 2023/08/21 2:15 a.m.•44 views

CVE-2023-39618

TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.

9.8CVSS9.8AI score0.08385EPSS

CVE•added 2024/05/14 4:17 p.m.•44 views

CVE-2024-32353

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

9.8CVSS7.9AI score0.04607EPSS

CVE•added 2023/08/21 2:15 a.m.•42 views

CVE-2023-39617

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

9.8CVSS9.8AI score0.08385EPSS

CVE•added 2024/05/14 3:39 p.m.•41 views

CVE-2024-34921

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.

8.8CVSS7.9AI score0.01781EPSS

CVE•added 2024/08/13 2:15 p.m.•41 views

CVE-2024-42736

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

7.8CVSS8.3AI score0.02154EPSS

CVE•added 2021/04/14 4:15 p.m.•39 views

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system func...

10CVSS9.9AI score0.2015EPSS

CVE•added 2025/01/15 5:15 p.m.•38 views

CVE-2024-57023

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.

6.8CVSS7.7AI score0.01775EPSS

CVE•added 2023/10/16 6:15 a.m.•37 views

CVE-2023-36950

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

9.8CVSS9.6AI score0.00907EPSS

CVE•added 2025/01/15 5:15 p.m.•36 views

CVE-2024-57025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.

6.8CVSS7.7AI score0.01775EPSS

CVE•added 2025/01/15 5:15 p.m.•35 views

CVE-2024-57024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.

6.8CVSS7.7AI score0.01775EPSS

CVE•added 2023/12/08 4:15 p.m.•29 views

CVE-2023-6612

A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwar...

9.8CVSS7AI score0.08939EPSS

Total number of security vulnerabilities64