Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> X5000r Firmware  >> 9.1.0u.6369_b20230113  Security Vulnerabilities
CVE-2025-25604
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.083
Published
2025-02-21
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.
CVSS Score
6.5
EPSS Score
0.083
Published
2025-02-21
CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.204
Published
2024-08-13
CVE-2024-42738
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.164
Published
2024-08-13
CVE-2024-42739
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.128
Published
2024-08-13
CVE-2024-42743
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.128
Published
2024-08-12
CVE-2024-42744
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.128
Published
2024-08-12
CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.161
Published
2024-08-12
CVE-2024-42747
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.021
Published
2024-08-12
CVE-2024-42748
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.161
Published
2024-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved