Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  Security Vulnerabilities
CVE-2024-57015
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57016
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57017
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57018
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57020
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.036
Published
2025-01-15
CVE-2024-42740
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
6.8
EPSS Score
0.022
Published
2024-08-13
CVE-2024-42736
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
7.8
EPSS Score
0.022
Published
2024-08-13
CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.204
Published
2024-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved