CVE-2025-11005

CWE-78OS Command Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
1.2%
top 21.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X6000rTotolink X6000r Firmware
Timeline
PublishedSep 25
Latest updateOct 1

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

Affected Packages2 packages

CVEListV5totolink/x6000rV9.4.0cu.1458_B20250708
NVDtotolink/x6000r_firmware9.4.0cu.1360_b20241207

🔴Vulnerability Details

2
CVEList
TOTOLINK X6000R Unauthenticated Command Injection Vulnerability2025-09-25
GHSA
GHSA-34jw-gf29-7x45: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injectio2025-09-25

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Totolink setWifiAclRules desc Parameter Command Injection Attempt (CVE-2025-11005)2025-10-01
CVE-2025-11005 (CRITICAL CVSS 9.3) | Improper Neutralization of Special | cvebase.io