Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  Security Vulnerabilities
CVE-2024-32353
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.046
Published
2024-05-14
CVE-2024-32354
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS Score
6.0
EPSS Score
0.006
Published
2024-05-14
CVE-2024-32355
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.
CVSS Score
8.0
EPSS Score
0.008
Published
2024-05-14
CVE-2024-32349
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.
CVSS Score
6.0
EPSS Score
0.009
Published
2024-05-14
CVE-2024-32350
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.
CVSS Score
8.8
EPSS Score
0.046
Published
2024-05-14
CVE-2024-32351
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.
CVSS Score
8.8
EPSS Score
0.046
Published
2024-05-14
CVE-2024-34921
TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.
CVSS Score
8.8
EPSS Score
0.018
Published
2024-05-14
CVE-2024-28639
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.
CVSS Score
9.8
EPSS Score
0.026
Published
2024-03-16
CVE-2024-28640
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-03-16
CVE-2024-25468
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved