X5000r Firmware@9.1.0u.6369 b20230113 Security Vulnerabilities and Issues — X5000r Firmware@9.1.0u.6369 b20230113 CVE List

Lucene search

TotolinkX5000r Firmware9.1.0u.6369 b20230113

11 matches found

CVE•added 2024/02/17 6:15 a.m.•79 views

CVE-2024-25468

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.

7.5CVSS6.8AI score0.00618EPSS

CVE•added 2024/08/13 2:15 p.m.•58 views

CVE-2024-42739

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS8.1AI score0.12763EPSS

Web

CVE•added 2024/08/12 8:15 p.m.•54 views

CVE-2024-42741

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS7.7AI score0.09023EPSS

Web

CVE•added 2024/08/12 8:15 p.m.•51 views

CVE-2024-42745

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

9.8CVSS7.7AI score0.16059EPSS

CVE•added 2024/08/13 2:15 p.m.•50 views

CVE-2024-42738

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS8.3AI score0.16398EPSS

CVE•added 2024/08/12 8:15 p.m.•50 views

CVE-2024-42742

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS7.7AI score0.12763EPSS

Web

CVE•added 2024/08/12 8:15 p.m.•49 views

CVE-2024-42743

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS7.7AI score0.12763EPSS

Web

CVE•added 2024/08/13 2:15 p.m.•48 views

CVE-2024-42737

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

9.8CVSS8.3AI score0.20364EPSS

CVE•added 2024/08/12 8:15 p.m.•48 views

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS8.1AI score0.02083EPSS

Web

CVE•added 2024/08/12 8:15 p.m.•48 views

CVE-2024-42748

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

9.8CVSS8.1AI score0.16059EPSS

Web

CVE•added 2024/08/12 8:15 p.m.•47 views

CVE-2024-42744

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

8.8CVSS7.7AI score0.12763EPSS

Web