X6000r Firmware@9.4.0cu.852 b20230719 Security Vulnerabilities and Issues — X6000r Firmware@9.4.0cu.852 b20230719 CVE List

Lucene search

TotolinkX6000r Firmware9.4.0cu.852 b20230719

30 matches found

CVE•added 2024/03/10 8:15 a.m.•72 views

CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be i...

9CVSS9AI score0.1232EPSS

CVE•added 2024/02/20 1:15 p.m.•58 views

CVE-2024-1661

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity o...

5.5CVSS4AI score0.00048EPSS

CVE•added 2024/08/18 4:15 p.m.•47 views

CVE-2024-7907

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. Th...

9.8CVSS7.1AI score0.01521EPSS

CVE•added 2023/10/31 9:15 p.m.•41 views

CVE-2023-46485

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

9.8CVSS9.6AI score0.04647EPSS

CVE•added 2023/10/31 2:15 p.m.•38 views

CVE-2023-46979

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.

9.8CVSS9.7AI score0.03236EPSS

CVE•added 2023/11/30 6:15 p.m.•37 views

CVE-2023-48812

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/12/30 5:15 p.m.•37 views

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

9.8CVSS9.6AI score0.05416EPSS

CVE•added 2023/11/30 6:15 p.m.•36 views

CVE-2023-48804

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/11/30 6:15 p.m.•36 views

CVE-2023-48808

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/10/31 2:15 p.m.•35 views

CVE-2023-46978

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.

7.5CVSS7.6AI score0.00144EPSS

CVE•added 2023/12/01 2:15 a.m.•34 views

CVE-2023-43454

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.

9.8CVSS9.6AI score0.03931EPSS

CVE•added 2023/12/04 1:15 p.m.•33 views

CVE-2023-48799

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.

9.8CVSS9.4AI score0.00721EPSS

CVE•added 2023/11/30 6:15 p.m.•33 views

CVE-2023-48810

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2024/01/24 6:15 p.m.•33 views

CVE-2023-52039

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.

9.8CVSS9.4AI score0.00122EPSS

CVE•added 2023/12/01 2:15 a.m.•32 views

CVE-2023-43453

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.

9.8CVSS9.6AI score0.03931EPSS

CVE•added 2024/01/24 6:15 p.m.•32 views

CVE-2023-52038

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.

9.8CVSS9.4AI score0.00122EPSS

CVE•added 2023/12/01 2:15 a.m.•31 views

CVE-2023-43455

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.

9.8CVSS9.7AI score0.03931EPSS

CVE•added 2023/11/30 6:15 p.m.•31 views

CVE-2023-48811

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2024/01/16 7:15 p.m.•31 views

CVE-2023-52041

An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.

9.8CVSS9.4AI score0.00263EPSS

CVE•added 2024/01/16 10:15 p.m.•31 views

CVE-2023-52042

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

9.8CVSS9.4AI score0.00278EPSS

CVE•added 2023/12/04 1:15 p.m.•30 views

CVE-2023-48800

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

9.8CVSS9.4AI score0.00711EPSS

CVE•added 2023/10/31 9:15 p.m.•29 views

CVE-2023-46484

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.

9.8CVSS9.6AI score0.04647EPSS

CVE•added 2023/11/30 6:15 p.m.•29 views

CVE-2023-48802

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/11/30 6:15 p.m.•29 views

CVE-2023-48806

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/12/01 11:15 p.m.•28 views

CVE-2023-48801

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

9.8CVSS9.4AI score0.0027EPSS

CVE•added 2023/11/30 6:15 p.m.•28 views

CVE-2023-48803

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/11/30 6:15 p.m.•28 views

CVE-2023-48805

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2023/11/30 6:15 p.m.•28 views

CVE-2023-48807

9.8CVSS9.4AI score0.00349EPSS

CVE•added 2024/01/24 6:15 p.m.•27 views

CVE-2023-52040

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

9.8CVSS9.4AI score0.00137EPSS

CVE•added 2024/02/23 1:15 a.m.•27 views

CVE-2024-1781

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public a...

9.8CVSS6.8AI score0.05694EPSS