A6000R
by Totolink
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41319 | Cri | 0.64 | 9.8 | 0.06 | Jul 23, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | ||
| CVE-2024-41318 | Cri | 0.64 | 9.8 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | ||
| CVE-2024-41316 | Cri | 0.64 | 9.8 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | ||
| CVE-2024-41320 | Hig | 0.57 | 8.8 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. | ||
| CVE-2024-37626 | Hig | 0.57 | 8.8 | 0.02 | Jun 20, 2024 | A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. | ||
| CVE-2024-57211 | Hig | 0.52 | 8.0 | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | ||
| CVE-2024-41317 | Hig | 0.52 | 8.0 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | ||
| CVE-2024-41315 | Med | 0.44 | 6.8 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | ||
| CVE-2024-41314 | Med | 0.44 | 6.8 | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | ||
| CVE-2025-3249 | Med | 0.41 | 6.3 | 0.03 | Apr 4, 2025 | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched… | ||
| CVE-2024-57214 | Med | 0.41 | 6.3 | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | ||
| CVE-2024-57213 | Med | 0.41 | 6.3 | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | ||
| CVE-2024-57212 | Med | 0.33 | 5.1 | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. |
- risk 0.64cvss 9.8epss 0.06
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
- risk 0.57cvss 8.8epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
- risk 0.57cvss 8.8epss 0.02
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
- risk 0.52cvss 8.0epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
- risk 0.52cvss 8.0epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
- risk 0.44cvss 6.8epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
- risk 0.44cvss 6.8epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
- risk 0.41cvss 6.3epss 0.03
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched…
- risk 0.41cvss 6.3epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
- risk 0.41cvss 6.3epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
- risk 0.33cvss 5.1epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.