Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r  Security Vulnerabilities
CVE-2025-14586
A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS Score
6.3
EPSS Score
0.016
Published
2025-12-13
CVE-2025-13184
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-10
CVE-2025-9934
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.022
Published
2025-09-04
CVE-2025-25604
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.049
Published
2025-02-21
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.049
Published
2025-02-21
CVE-2024-57022
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.07
Published
2025-01-15
CVE-2024-57023
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57011
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
CVSS Score
8.8
EPSS Score
0.023
Published
2025-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved