Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  Security Vulnerabilities
CVE-2025-9934
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.028
Published
2025-09-04
CVE-2025-25604
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.077
Published
2025-02-21
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.077
Published
2025-02-21
CVE-2024-57022
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.053
Published
2025-01-15
CVE-2024-57023
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
CVSS Score
6.8
EPSS Score
0.019
Published
2025-01-15
CVE-2024-57011
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
CVSS Score
8.8
EPSS Score
0.017
Published
2025-01-15
CVE-2024-57012
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
CVSS Score
8.8
EPSS Score
0.053
Published
2025-01-15
CVE-2024-57013
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
CVSS Score
8.8
EPSS Score
0.053
Published
2025-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved