Filtered by vendor Totolink Subscriptions
Filtered by product X5000r Subscriptions
Total 38 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-45741 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
CVE-2021-45738 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
CVE-2021-45736 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.
CVE-2021-45735 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVE-2021-45734 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.5 High
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVE-2021-45733 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVE-2021-27710 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-11-21 9.8 Critical
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.
CVE-2021-27708 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-11-21 9.8 Critical
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.
CVE-2024-42744 1 Totolink 2 X5000r, X5000r Firmware 2024-08-15 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42738 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42739 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42742 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42743 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42737 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 9.8 Critical
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42747 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 7.3 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42741 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 7.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42745 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 9.8 Critical
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42748 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 9.8 Critical
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.