X5000R
by Totolink
CVEs (70)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57012 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | |||
| CVE-2024-57020 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. | |||
| CVE-2024-57021 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. | |||
| CVE-2024-57019 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. | |||
| CVE-2024-57013 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. | |||
| CVE-2024-57018 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. | |||
| CVE-2024-57011 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | |||
| CVE-2024-57025 | 0.00 | — | 0.01 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. | |||
| CVE-2024-57014 | 0.00 | — | 0.01 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. | |||
| CVE-2024-57024 | 0.00 | — | 0.01 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. | |||
| CVE-2024-57022 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. | |||
| CVE-2024-57017 | 0.00 | — | 0.02 | Jan 15, 2025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. | |||
| CVE-2024-42736 | 0.00 | — | 0.02 | Aug 13, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42739 | 0.00 | — | 0.02 | Aug 13, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42738 | 0.00 | — | 0.02 | Aug 13, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42740 | 0.00 | — | 0.03 | Aug 13, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42747 | 0.00 | — | 0.01 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42743 | 0.00 | — | 0.02 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42742 | 0.00 | — | 0.02 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42741 | 0.00 | — | 0.01 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. |
- CVE-2024-57012Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
- CVE-2024-57020Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.
- CVE-2024-57021Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
- CVE-2024-57019Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
- CVE-2024-57013Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
- CVE-2024-57018Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.
- CVE-2024-57011Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
- CVE-2024-57025Jan 15, 2025risk 0.00cvss —epss 0.01
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.
- CVE-2024-57014Jan 15, 2025risk 0.00cvss —epss 0.01
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.
- CVE-2024-57024Jan 15, 2025risk 0.00cvss —epss 0.01
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.
- CVE-2024-57022Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.
- CVE-2024-57017Jan 15, 2025risk 0.00cvss —epss 0.02
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
- CVE-2024-42736Aug 13, 2024risk 0.00cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42739Aug 13, 2024risk 0.00cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42738Aug 13, 2024risk 0.00cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42740Aug 13, 2024risk 0.00cvss —epss 0.03
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42747Aug 12, 2024risk 0.00cvss —epss 0.01
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42743Aug 12, 2024risk 0.00cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42742Aug 12, 2024risk 0.00cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42741Aug 12, 2024risk 0.00cvss —epss 0.01
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Page 3 of 4