VYPR

X5000r Firmware

by Totolink

Source repositories

CVEs (3)

  • CVE-2025-14586MedDec 13, 2025
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the…

  • CVE-2025-9934MedSep 4, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2022-26213Mar 15, 2022
    risk 0.03cvss epss 0.26

    Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.