X2000R-Gh
by Totolink
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46546 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. |
| CVE-2023-46545 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. |
| CVE-2023-46544 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. |
| CVE-2023-46543 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. |
| CVE-2023-46542 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. |
| CVE-2023-46541 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. |
| CVE-2023-46540 |  | Cri | 0.64 | 9.8 | 0.01 |  | Oct 25, 2023 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. |
| CVE-2024-28404 |  | Hig | 0.52 | 8.0 | 0.00 |  | Mar 15, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
| CVE-2025-8181 |  | Hig | 0.47 | 7.2 | 0.01 |  | Jul 26, 2025 | A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack… |
| CVE-2023-7222 |  | Hig | 0.47 | 7.2 | 0.01 |  | Jan 9, 2024 | A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer… |
| CVE-2025-5504 |  | Med | 0.42 | 6.3 | 0.15 |  | Jun 3, 2025 | A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely.… |
| CVE-2025-5515 |  | Med | 0.41 | 6.3 | 0.05 |  | Jun 3, 2025 | A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may… |
| CVE-2024-0579 |  | Med | 0.41 | 6.3 | 0.03 |  | Jan 16, 2024 | A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be… |
| CVE-2024-28402 |  | Med | 0.38 | 5.9 | 0.00 |  | Apr 11, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-29419 |  | Med | 0.35 | 5.4 | 0.00 |  | Mar 20, 2024 | There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. |
| CVE-2024-28401 |  | Med | 0.35 | 5.4 | 0.00 |  | Mar 15, 2024 | TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. |
| CVE-2024-28403 |  | Med | 0.35 | 5.4 | 0.00 |  | Mar 15, 2024 | TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. |
| CVE-2024-33433 |  | Med | 0.31 | 4.8 | 0.01 |  | May 14, 2024 | Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. |
| CVE-2025-9577 |  | Low | 0.16 | 2.5 | 0.00 |  | Aug 28, 2025 | A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement.… |
| CVE-2025-5543 |  | Low | 0.16 | 2.4 | 0.00 |  | Jun 3, 2025 | A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting.… |