X5000r Firmware Security Vulnerabilities and Issues — X5000r Firmware CVE List

Lucene search

TotolinkX5000r Firmware

10 matches found

CVE•added 2022/03/15 10:15 p.m.•75 views

CVE-2022-27005

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.9AI score0.46705EPSS

CVE•added 2022/03/15 10:15 p.m.•71 views

CVE-2022-26213

Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.41394EPSS

CVE•added 2022/03/15 10:15 p.m.•69 views

CVE-2022-27003

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.9AI score0.31349EPSS

CVE•added 2022/03/15 10:15 p.m.•64 views

CVE-2022-27004

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.9AI score0.31349EPSS

CVE•added 2022/02/04 2:15 a.m.•51 views

CVE-2021-45736

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.

7.8CVSS7.6AI score0.00386EPSS

CVE•added 2022/02/04 2:15 a.m.•51 views

CVE-2021-45738

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.

10CVSS10AI score0.26449EPSS

CVE•added 2022/02/04 2:15 a.m.•48 views

CVE-2021-45733

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.

10CVSS10AI score0.26449EPSS

CVE•added 2022/02/04 2:15 a.m.•47 views

CVE-2021-45734

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.

7.8CVSS7.6AI score0.00411EPSS

CVE•added 2022/02/04 2:15 a.m.•47 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.

7.5CVSS7.7AI score0.00235EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2021-45741

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.

7.8CVSS7.6AI score0.00502EPSS