X5000r Firmware

x5000r_firmware

Vendor: Totolink • 70 CVEs

CVEs (70)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57013 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
CVE-2024-57012 1Totolink 1X5000r Firmware Mar 14, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
CVE-2024-57011 1Totolink 1X5000r Firmware Mar 17, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
CVE-2024-42740 1Totolink 1X5000r Firmware Apr 4, 2025 Aug 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42739 1Totolink 1X5000r Firmware Aug 14, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary comma...Show more In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.Show less
CVE-2024-42738 1Totolink 1X5000r Firmware Aug 14, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42737 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42736 1Totolink 1X5000r Firmware Apr 4, 2025 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42748 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42747 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42745 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42744 1Totolink 1X5000r Firmware Aug 15, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary command...Show more In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.Show less
CVE-2024-42743 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42742 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary comman...Show more In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.Show less
CVE-2024-42741 1Totolink 1X5000r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary command...Show more In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.Show less
CVE-2024-32355 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.
CVE-2024-32354 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 6.0 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVE-2024-32353 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVE-2024-32352 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVE-2024-32351 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.

Previous 123 4 Next