Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  >> 9.1.0cu.2350_b20230313  Security Vulnerabilities
CVE-2024-57017
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-57018
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-57020
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-42740
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
6.8
EPSS Score
0.022
Published
2024-08-13
CVE-2024-42736
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
7.8
EPSS Score
0.022
Published
2024-08-13
CVE-2024-32352
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVSS Score
8.8
EPSS Score
0.046
Published
2024-05-14
CVE-2024-32353
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.046
Published
2024-05-14
CVE-2024-32354
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS Score
6.0
EPSS Score
0.006
Published
2024-05-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved