Vulnerabilities (CVE)

Filtered by vendor Totolink Subscribe
Filtered by product X5000r
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33486 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.
CVE-2023-33487 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.
CVE-2023-31569 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
CVE-2023-30013 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
CVE-2023-33485 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 N/A 8.8 HIGH
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.
CVE-2022-26213 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2021-45735 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVE-2021-45738 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
CVE-2021-45734 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVE-2021-45733 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVE-2021-45736 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.
CVE-2021-45741 1 Totolink 2 X5000r, X5000r Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
CVE-2021-27708 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.
CVE-2021-27710 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.