VYPR

A6000R

by Totolink

CVEs (13)

  • CVE-2024-41319CriJul 23, 2024
    risk 0.64cvss 9.8epss 0.06

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.

  • CVE-2024-41318CriJul 22, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.

  • CVE-2024-41316CriJul 22, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

  • CVE-2024-41320HigJul 22, 2024
    risk 0.57cvss 8.8epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.

  • CVE-2024-37626HigJun 20, 2024
    risk 0.57cvss 8.8epss 0.02

    A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.

  • CVE-2024-57211HigJan 10, 2025
    risk 0.52cvss 8.0epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.

  • CVE-2024-41317HigJul 22, 2024
    risk 0.52cvss 8.0epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.

  • CVE-2024-41315MedJul 22, 2024
    risk 0.44cvss 6.8epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.

  • CVE-2024-41314MedJul 22, 2024
    risk 0.44cvss 6.8epss 0.02

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

  • CVE-2025-3249MedApr 4, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched…

  • CVE-2024-57214MedJan 10, 2025
    risk 0.41cvss 6.3epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

  • CVE-2024-57213MedJan 10, 2025
    risk 0.41cvss 6.3epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.

  • CVE-2024-57212MedJan 10, 2025
    risk 0.33cvss 5.1epss 0.01

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.