X5000r Firmware@9.1.0cu.2350 b20230313 Security Vulnerabilities and Issues — X5000r Firmware@9.1.0cu.2350 b20230313 CVE List

Lucene search

TotolinkX5000r Firmware9.1.0cu.2350 b20230313

10 matches found

CVE•added 2024/05/14 4:17 p.m.•67 views

CVE-2024-32350

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.

8.8CVSS7.5AI score0.04621EPSS

CVE•added 2024/05/14 4:17 p.m.•64 views

CVE-2024-32352

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

8.8CVSS7.5AI score0.04621EPSS

CVE•added 2024/05/14 4:17 p.m.•63 views

CVE-2024-32351

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.

8.8CVSS7.5AI score0.04621EPSS

CVE•added 2024/05/14 4:17 p.m.•51 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

6CVSS7.9AI score0.00583EPSS

Web

CVE•added 2024/05/14 4:17 p.m.•48 views

CVE-2024-32349

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.

6CVSS7.5AI score0.00923EPSS

CVE•added 2024/05/14 4:17 p.m.•48 views

CVE-2024-32355

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.

8CVSS7.9AI score0.00844EPSS

CVE•added 2024/08/13 2:15 p.m.•47 views

CVE-2024-42740

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

6.8CVSS7.8AI score0.02183EPSS

Web

CVE•added 2024/05/14 4:17 p.m.•45 views

CVE-2024-32353

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

9.8CVSS7.9AI score0.04607EPSS

Web

CVE•added 2024/05/14 3:39 p.m.•42 views

CVE-2024-34921

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.

8.8CVSS7.9AI score0.01781EPSS

CVE•added 2024/08/13 2:15 p.m.•42 views

CVE-2024-42736

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

7.8CVSS8.3AI score0.02154EPSS