Totolink: >> X5000r Firmware >> 9.1.0cu.2089_b20211224 Security Vulnerabilities
A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS Score
6.3
EPSS Score
0.016
Published
2025-12-13
TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVSS Score
9.8
EPSS Score
0.06
Published
2023-08-21