Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A6000r  Security Vulnerabilities
CVE-2025-3249
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.012
Published
2025-04-04
CVE-2024-57213
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
CVSS Score
6.3
EPSS Score
0.023
Published
2025-01-10
CVE-2024-57214
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS Score
6.3
EPSS Score
0.023
Published
2025-01-10
CVE-2024-57211
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVSS Score
8.0
EPSS Score
0.013
Published
2025-01-10
CVE-2024-57212
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVSS Score
5.1
EPSS Score
0.023
Published
2025-01-10
CVE-2024-41319
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS Score
9.8
EPSS Score
0.597
Published
2024-07-23
CVE-2024-41314
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS Score
6.8
EPSS Score
0.017
Published
2024-07-22
CVE-2024-41315
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
CVSS Score
6.8
EPSS Score
0.017
Published
2024-07-22
CVE-2024-41316
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS Score
9.8
EPSS Score
0.128
Published
2024-07-22
CVE-2024-41317
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
CVSS Score
8.0
EPSS Score
0.023
Published
2024-07-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved