Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X6000r Firmware  >> 9.4.0cu.652_b20230116  Security Vulnerabilities
CVE-2025-11005
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.
CVSS Score
9.8
EPSS Score
0.027
Published
2025-09-25
CVE-2025-52907
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVSS Score
8.8
EPSS Score
0.01
Published
2025-09-24
CVE-2025-52906
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVSS Score
9.8
EPSS Score
0.027
Published
2025-09-24
CVE-2025-52905
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-09-23
CVE-2025-25524
Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-02-11
CVE-2023-43453
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.
CVSS Score
9.8
EPSS Score
0.039
Published
2023-12-01
CVE-2023-43454
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.
CVSS Score
9.8
EPSS Score
0.039
Published
2023-12-01
CVE-2023-43455
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.
CVSS Score
9.8
EPSS Score
0.039
Published
2023-12-01
CVE-2023-46408
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
CVE-2023-46409
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved