Totolink: >> X6000r Firmware Security Vulnerabilities
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
CVSS Score
9.8
EPSS Score
0.046
Published
2023-10-31
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-31
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
CVSS Score
9.8
EPSS Score
0.032
Published
2023-10-31
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function.
CVSS Score
9.8
EPSS Score
0.05
Published
2023-10-25