X5000r Firmware

x5000r_firmware

Vendor: Totolink • 70 CVEs

CVEs (70)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27003 1Totolink 2A7000r Firmware X5000r Firmware Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability al...Show more Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2022-26213 1Totolink 1X5000r Firmware Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary comma...Show more Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2021-45741 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
CVE-2021-45738 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter F...Show more TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.Show less
CVE-2021-45736 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server paramete...Show more TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.Show less
CVE-2021-45735 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVE-2021-45734 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVE-2021-45733 1Totolink 1X5000r Firmware Nov 21, 2024 Feb 4, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host...Show more TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.Show less
CVE-2021-27710 1Totolink 2A720r Firmware X5000r Firmware Nov 21, 2024 Apr 14, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modif...Show more Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.Show less
CVE-2021-27708 1Totolink 2A720r Firmware X5000r Firmware Nov 21, 2024 Apr 14, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modif...Show more Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.Show less

Previous 1 2 34