VYPR

X6000r Firmware

by Totolink

CVEs (4)

  • CVE-2026-4611HigMar 23, 2026
    risk 0.47cvss 7.2epss 0.03

    A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched…

  • CVE-2023-48800Dec 4, 2023
    risk 0.00cvss epss 0.02

    In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

  • CVE-2023-48799Dec 4, 2023
    risk 0.00cvss epss 0.01

    TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.

  • CVE-2023-48801Dec 1, 2023
    risk 0.00cvss epss 0.02

    In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.