VYPR

X6000R

by Totolink

CVEs (57)

  • CVE-2023-46410 | Critical | Oct 25, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function.

  • CVE-2023-46409 | Critical | Oct 25, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function.

  • CVE-2023-46408 | Critical | Oct 25, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function.

  • CVE-2026-1723 | Critical | Jan 30, 2026
    risk 0.60 | cvss n/a | epss 0.01

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498_B20250826.

  • CVE-2024-2353 | High | Mar 10, 2024
    risk 0.58 | cvss 8.8 | epss 0.04

    A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection.…

  • CVE-2023-46978 | High | Oct 31, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset login password & WIFI passwords without authentication.

  • CVE-2026-4611 | High | Mar 23, 2026
    risk 0.47 | cvss 7.2 | epss 0.03

    A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched…

  • CVE-2025-52284 | Medium | Jul 29, 2025
    risk 0.42 | cvss 6.5 | epss 0.02

    Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-7907 | Medium | Aug 18, 2024
    risk 0.41 | cvss 6.3 | epss 0.06

    A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be…

  • CVE-2025-25524 | Medium | Feb 11, 2025
    risk 0.33 | cvss 5.1 | epss 0.00

    Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or…

  • CVE-2024-1661 | Low | Feb 20, 2024
    risk 0.16 | cvss 2.5 | epss 0.00

    A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local…

  • CVE-2025-52053 | Sep 15, 2025
    risk 0.05 | cvss n/a | epss 0.04

    TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-70328 | Feb 23, 2026
    risk 0.00 | cvss n/a | epss 0.02

    TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first…

  • CVE-2025-11005 | Sep 25, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458_B20250708.

  • CVE-2025-52907 | Sep 24, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.

  • CVE-2025-52906 | Sep 24, 2025
    risk 0.00 | cvss n/a | epss 0.13

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360_B20241207.

  • CVE-2025-52905 | Sep 23, 2025
    risk 0.00 | cvss n/a | epss 0.08

    Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
