Totolink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25605 1Totolink 1X5000r Firmware Apr 4, 2025 Feb 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.
CVE-2025-25604 1Totolink 1X5000r Firmware Apr 4, 2025 Feb 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVE-2025-1340 1Totolink 1X18 Firmware Mar 10, 2025 Feb 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-ba...Show more A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-1339 1Totolink 1X18 Firmware Mar 10, 2025 Feb 16, 2025 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable le...Show more A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-25524 1Totolink 1X6000r Firmware Apr 29, 2025 Feb 11, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this v...Show more Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.Show less
CVE-2024-57036 1Totolink 1A810r Firmware Apr 29, 2025 Jan 21, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request...Show more TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.Show less
CVE-2024-57025 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
CVE-2024-57024 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57023 1Totolink 1X5000r Firmware Apr 7, 2025 Jan 15, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.
CVE-2024-57022 1Totolink 1X5000r Firmware Mar 19, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
CVE-2024-57021 1Totolink 1X5000r Firmware Mar 20, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVE-2024-57020 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
CVE-2024-57019 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVE-2024-57018 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
CVE-2024-57017 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
CVE-2024-57016 1Totolink 1X5000r Firmware Mar 24, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
CVE-2024-57015 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.
CVE-2024-57014 1Totolink 1X5000r Firmware Mar 18, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.
CVE-2024-57013 1Totolink 1X5000r Firmware Mar 13, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
CVE-2024-57012 1Totolink 1X5000r Firmware Mar 14, 2025 Jan 15, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.

Previous 1...192021...56 Next