X5000r Firmware

x5000r_firmware

Vendor: Totolink • 70 CVEs

CVEs (70)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67445 1Totolink 1X5000r Firmware Feb 27, 2026 Feb 24, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) wit...Show more TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.Show less
CVE-2025-70327 1Totolink 1X5000r Firmware Feb 26, 2026 Feb 23, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping...Show more TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen (-). This allows remote authenticated attackers to inject arbitrary command-line options into the ping utility, potentially leading to a Denial of Service (DoS) by causing excessive resource consumption or prolonged execution.Show less
CVE-2025-70329 1Totolink 1X5000r Firmware Feb 24, 2026 Feb 23, 2026 N/A· v4 8.0 HIGH· v3 N/A· v2 TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via...Show more TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and passed to the CsteSystem function without adequate validation or filtering. This allows an authenticated attacker to execute arbitrary shell commands with root privileges by injecting shell metacharacters into the affected parameters.Show less
CVE-2025-14586 1Totolink 1X5000r Firmware Apr 29, 2026 Dec 13, 2025 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument Us...Show more A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-13184 1Totolink 1X5000r Firmware Dec 19, 2025 Dec 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions t...Show more Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.Show less
CVE-2025-9934 1Totolink 1X5000r Firmware Apr 29, 2026 Sep 4, 2025 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote...Show more A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.Show less
CVE-2025-25605 1Totolink 1X5000r Firmware Apr 4, 2025 Feb 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.
CVE-2025-25604 1Totolink 1X5000r Firmware Apr 4, 2025 Feb 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVE-2024-57025 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
CVE-2024-57024 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57023 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.
CVE-2024-57022 1Totolink 1X5000r Firmware Mar 19, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
CVE-2024-57021 1Totolink 1X5000r Firmware Mar 20, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVE-2024-57020 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57019 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVE-2024-57018 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
CVE-2024-57017 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
CVE-2024-57016 1Totolink 1X5000r Firmware Mar 24, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
CVE-2024-57015 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.
CVE-2024-57014 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.

12 3 4 Next