Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X6000r Firmware  Security Vulnerabilities
CVE-2023-48811
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48812
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48802
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48803
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48804
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48805
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48806
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-48807
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-11-30
CVE-2023-46484
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
CVSS Score
9.8
EPSS Score
0.046
Published
2023-10-31
CVE-2023-46485
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
CVSS Score
9.8
EPSS Score
0.046
Published
2023-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved