CVE-2025-52284

CWE-77Command InjectionCWE-4154 documents4 sources
Severity
6.5MEDIUM
EPSS
28.8%
top 3.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink X6000r Firmware
Timeline
PublishedJul 29

Description

Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDtotolink/x6000r_firmware9.4.0cu.1360_b20241207

🔴Vulnerability Details

2
GHSA
GHSA-6m6p-wp2f-xjqc: Totolink X6000R V92025-07-29
CVEList
CVE-2025-52284: Totolink X6000R V92025-07-29

📋Vendor Advisories

1
Microsoft
Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset2023-12-12
CVE-2025-52284 (MEDIUM CVSS 6.5) | Totolink X6000R V9.4.0cu.1360_B2024 | cvebase.io