CVE-2025-52907: Improper Input Validation in X6000r

Severity
7.3 HIGH (NVD)
EPSS
0.4%
top 42.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 24
Latest update: Oct 1

Description

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:H/VA:L/SC:H/SI:H/SA:H

Affected Packages (2 packages)

CVEListV5: totolink/x6000r V9.4.0cu.1360_B20241207
NVD: totolink/x6000r_firmware 9.4.0cu.1360_b20241207

🔴 Vulnerability Details (2)

CVEList
TOTOLINK X6000R Security Bypass Vulnerability (2025-09-24)
GHSA
GHSA-4g85-q6g8-m8qc: Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation (2025-09-24)

🕵️ Threat Intelligence (1)

Unit42
TOTOLINK X6000R: Three New Vulnerabilities Uncovered (2025-10-01)