Vulnerabilities (CVE)

Filtered by vendor Totolink Subscribe
Filtered by product X5000r Firmware
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45734 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVE-2021-45733 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVE-2021-27710 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.
CVE-2021-27708 1 Totolink 4 A720r, A720r Firmware, X5000r and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.
CVE-2024-42744 1 Totolink 2 X5000r, X5000r Firmware 2024-08-15 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42738 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42739 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42742 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42743 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42737 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42747 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42741 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42745 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42748 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 N/A 8.8 HIGH
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.