A6000R
by Totolink
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41319 | 0.04 | — | 0.51 | Jul 23, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | |||
| CVE-2025-3249 | 0.01 | — | 0.06 | Apr 4, 2025 | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||
| CVE-2024-57212 | 0.00 | — | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. | |||
| CVE-2024-57211 | 0.00 | — | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | |||
| CVE-2024-57213 | 0.00 | — | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | |||
| CVE-2024-57214 | 0.00 | — | 0.01 | Jan 10, 2025 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||
| CVE-2024-41317 | 0.00 | — | 0.01 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||
| CVE-2024-41315 | 0.00 | — | 0.00 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||
| CVE-2024-41314 | 0.00 | — | 0.00 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||
| CVE-2024-41318 | 0.00 | — | 0.03 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | |||
| CVE-2024-41320 | 0.00 | — | 0.01 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. | |||
| CVE-2024-41316 | 0.00 | — | 0.02 | Jul 22, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | |||
| CVE-2024-37626 | 0.00 | — | 0.02 | Jun 20, 2024 | A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. |
- CVE-2024-41319Jul 23, 2024risk 0.04cvss —epss 0.51
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
- CVE-2025-3249Apr 4, 2025risk 0.01cvss —epss 0.06
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
- CVE-2024-57212Jan 10, 2025risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
- CVE-2024-57211Jan 10, 2025risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
- CVE-2024-57213Jan 10, 2025risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
- CVE-2024-57214Jan 10, 2025risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
- CVE-2024-41317Jul 22, 2024risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
- CVE-2024-41315Jul 22, 2024risk 0.00cvss —epss 0.00
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
- CVE-2024-41314Jul 22, 2024risk 0.00cvss —epss 0.00
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
- CVE-2024-41318Jul 22, 2024risk 0.00cvss —epss 0.03
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
- CVE-2024-41320Jul 22, 2024risk 0.00cvss —epss 0.01
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
- CVE-2024-41316Jul 22, 2024risk 0.00cvss —epss 0.02
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
- CVE-2024-37626Jun 20, 2024risk 0.00cvss —epss 0.02
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.