VYPR

X5000R

by Totolink

CVEs (70)

  • CVE-2024-42744Aug 12, 2024
    risk 0.00cvss epss 0.02

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

  • CVE-2024-32355May 14, 2024
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.

  • CVE-2024-32354May 14, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

  • CVE-2024-32353May 14, 2024
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

  • CVE-2024-32352May 14, 2024
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32351May 14, 2024
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32350May 14, 2024
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.

  • CVE-2024-32349May 14, 2024
    risk 0.00cvss epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.

  • CVE-2024-28639Mar 16, 2024
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.

  • CVE-2024-25468Feb 17, 2024
    risk 0.00cvss epss 0.01

    An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.

Page 4 of 4