Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  Security Vulnerabilities
CVE-2023-31569
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
CVSS Score
9.8
EPSS Score
0.052
Published
2023-06-06
CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-05-31
CVE-2023-33486
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-31
CVE-2023-33487
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-31
CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
CVSS Score
9.8
EPSS Score
0.917
Published
2023-05-05
CVE-2022-27003
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.307
Published
2022-03-15
CVE-2022-27004
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.307
Published
2022-03-15
CVE-2022-27005
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.459
Published
2022-03-15
CVE-2022-26213
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.315
Published
2022-03-15
CVE-2021-45733
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVSS Score
9.8
EPSS Score
0.258
Published
2022-02-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved