Totolink X6000R vulnerabilities

CVE-2026-4611 [HIGH] CWE-77 CVE-2026-4611: A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

CVE-2026-1723 [CRITICAL] CWE-78 CVE-2026-1723: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

CVE-2025-11005 [CRITICAL] CWE-78 CVE-2025-11005: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

CVE-2025-52906 [CRITICAL] CWE-78 CVE-2025-52906: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

CVE-2025-52907 [HIGH] CWE-20 CVE-2025-52907: Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulati Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

CVE-2025-52905 [HIGH] CWE-20 CVE-2025-52905: Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

CVE-2024-7907 [MEDIUM] CWE-77 CVE-2024-7907: A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_202 A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be u

CVE-2024-2353 [HIGH] CWE-78 CVE-2024-2353: A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_202 A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the

CVE-2024-1661 [LOW] CWE-798 CVE-2024-1661: A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affect A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to b