Filtered by vendor Totolink Subscriptions
Filtered by product X6000r Subscriptions
Total 44 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-46484 1 Totolink 2 X6000r, X6000r Firmware 2024-09-06 9.8 Critical
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
CVE-2023-52042 1 Totolink 2 X6000r, X6000r Firmware 2024-08-30 9.8 Critical
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
CVE-2024-7907 1 Totolink 2 X6000r, X6000r Firmware 2024-08-19 6.3 Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-52038 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
CVE-2023-52039 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
CVE-2023-52041 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
CVE-2023-52040 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
CVE-2023-50651 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.
CVE-2023-48803 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48811 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48807 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48812 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48806 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48799 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.
CVE-2023-48802 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48810 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48808 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48805 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48800 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.
CVE-2023-48801 1 Totolink 2 X6000r, X6000r Firmware 2024-08-02 9.8 Critical
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.