VYPR

X2000R-Gh

by Totolink

CVEs (43)

  • CVE-2023-46546CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.

  • CVE-2023-46545CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.

  • CVE-2023-46544CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.

  • CVE-2023-46543CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.

  • CVE-2023-46542CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.

  • CVE-2023-46541CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.

  • CVE-2023-46540CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.

  • CVE-2024-28404HigMar 15, 2024
    risk 0.52cvss 8.0epss 0.00

    TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.

  • CVE-2025-8181HigJul 26, 2025
    risk 0.47cvss 7.2epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack…

  • CVE-2023-7222HigJan 9, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…

  • CVE-2025-5504MedJun 3, 2025
    risk 0.42cvss 6.3epss 0.15

    A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely.…

  • CVE-2025-5515MedJun 3, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may…

  • CVE-2024-0579MedJan 16, 2024
    risk 0.41cvss 6.3epss 0.03

    A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be…

  • CVE-2024-28402MedApr 11, 2024
    risk 0.38cvss 5.9epss 0.00

    TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.

  • CVE-2024-29419MedMar 20, 2024
    risk 0.35cvss 5.4epss 0.00

    There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013.

  • CVE-2024-28401MedMar 15, 2024
    risk 0.35cvss 5.4epss 0.00

    TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.

  • CVE-2024-28403MedMar 15, 2024
    risk 0.35cvss 5.4epss 0.00

    TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.

  • CVE-2024-33433MedMay 14, 2024
    risk 0.31cvss 4.8epss 0.01

    Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.

  • CVE-2025-9577LowAug 28, 2025
    risk 0.16cvss 2.5epss 0.00

    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement.…

  • CVE-2025-5543LowJun 3, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting.…