cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-52723,https://securityvulnerability.io/vulnerability/CVE-2024-52723,Command Execution Vulnerability in TOTOLINK X6000R Router Software,"An inherent vulnerability in the TOTOLINK X6000R router's software is identified as a flaw in the shttpd file, where the Uci_Set Str function is inadequately protected by parameter filtering. This oversight enables attackers to craft and submit malicious payloads, which can lead to arbitrary command execution. As a result, unauthorized users may gain control over the affected router's functionalities, posing a significant threat to network security and data integrity.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2024-11-22T16:15:00.000Z,0
CVE-2024-7907,https://securityvulnerability.io/vulnerability/CVE-2024-7907,Command Injection Vulnerability in TOTOLINK X6000R Router,"A critical command injection vulnerability exists in the TOTOLINK X6000R router, specifically affecting the setSyslogCfg function within the /cgi-bin/cstecgi.cgi file. By manipulating the rtLogServer argument, an attacker can execute arbitrary commands on the device. This vulnerability can be exploited remotely, posing a significant risk to users. The details were disclosed publicly, prompting immediate action from cybersecurity professionals. Unfortunately, the vendor did not respond to early notifications regarding this security issue. Users of the affected product are advised to take necessary precautions, including updating their devices and monitoring for unusual activity.",TOTOLINK,X6000r Firmware,9.8,CRITICAL,0.0032500000670552254,false,false,false,false,,false,false,2024-08-18T16:15:00.000Z,0
CVE-2023-52038,https://securityvulnerability.io/vulnerability/CVE-2023-52038,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A security flaw has been identified in the TOTOLINK X6000R router, specifically in version v9.4.0cu.852_B20230719. This vulnerability permits attackers to execute arbitrary commands through the sub_415C80 function, potentially compromising the integrity and security of the device. Users of affected versions are recommended to apply patches or upgrades to mitigate the risk associated with this vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0727199986577034,false,false,false,false,,false,false,2024-01-24T00:00:00.000Z,0
CVE-2023-52039,https://securityvulnerability.io/vulnerability/CVE-2023-52039,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R Product,"The Totolink X6000R device has a vulnerability that enables attackers to execute arbitrary commands through the sub_415AA4 function. This issue poses significant risks to the integrity and confidentiality of system operations, allowing potential unauthorized access and control over affected devices. Administrators are advised to apply necessary security updates and configurations to mitigate these risks effectively.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0727199986577034,false,false,false,false,,false,false,2024-01-24T00:00:00.000Z,0
CVE-2023-52040,https://securityvulnerability.io/vulnerability/CVE-2023-52040,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A vulnerability identified in the TOTOLINK X6000R router enables attackers to execute arbitrary commands through the sub_41284C function. This flaw permits unauthorized access and manipulation of the device, potentially leading to compromised network security. Proper measures must be taken to evaluate and patch the affected versions to mitigate this security risk.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0727199986577034,false,false,false,false,,false,false,2024-01-24T00:00:00.000Z,0
CVE-2023-52042,https://securityvulnerability.io/vulnerability/CVE-2023-52042,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A vulnerability exists in the sub_4117F8 function of TOTOLINK X6000R firmware version V9.4.0cu.852_B20230719, which enables attackers to execute arbitrary commands by manipulating the 'lang' parameter. This exploitation could potentially lead to unauthorized access and control over the affected device, posing a significant risk to users and their networks.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0727199986577034,false,false,false,false,,false,false,2024-01-16T00:00:00.000Z,0
CVE-2023-48800,https://securityvulnerability.io/vulnerability/CVE-2023-48800,,"In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.008410000242292881,false,false,false,false,,false,false,2023-12-04T00:00:00.000Z,0
CVE-2023-48799,https://securityvulnerability.io/vulnerability/CVE-2023-48799,,TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.,Totolink,X6000r Firmware,9.8,CRITICAL,0.013100000098347664,false,false,false,false,,false,false,2023-12-04T00:00:00.000Z,0
CVE-2023-43453,https://securityvulnerability.io/vulnerability/CVE-2023-43453,,An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-12-01T02:15:00.000Z,0
CVE-2023-43455,https://securityvulnerability.io/vulnerability/CVE-2023-43455,,An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-12-01T02:15:00.000Z,0
CVE-2023-43454,https://securityvulnerability.io/vulnerability/CVE-2023-43454,,An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-12-01T02:15:00.000Z,0
CVE-2023-48801,https://securityvulnerability.io/vulnerability/CVE-2023-48801,,"In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.013100000098347664,false,false,false,false,,false,false,2023-12-01T00:00:00.000Z,0
CVE-2023-48811,https://securityvulnerability.io/vulnerability/CVE-2023-48811,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48808,https://securityvulnerability.io/vulnerability/CVE-2023-48808,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48806,https://securityvulnerability.io/vulnerability/CVE-2023-48806,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48805,https://securityvulnerability.io/vulnerability/CVE-2023-48805,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48804,https://securityvulnerability.io/vulnerability/CVE-2023-48804,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48802,https://securityvulnerability.io/vulnerability/CVE-2023-48802,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48812,https://securityvulnerability.io/vulnerability/CVE-2023-48812,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48810,https://securityvulnerability.io/vulnerability/CVE-2023-48810,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48803,https://securityvulnerability.io/vulnerability/CVE-2023-48803,Command Execution Vulnerability in TOTOLINK X6000R,"The TOTOLINK X6000R router is vulnerable due to a command execution flaw in the shttpd file, specifically within the sub_4119A0 function. This function improperly processes input from the front-end, allowing the Uci_Set_Str function to pass unvalidated fields to the CsteSystem function. This can lead to unauthorized command execution, posing significant security risks to users if exploited.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-48807,https://securityvulnerability.io/vulnerability/CVE-2023-48807,,"In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,false,false,false,,false,false,2023-11-30T00:00:00.000Z,0
CVE-2023-46979,https://securityvulnerability.io/vulnerability/CVE-2023-46979,,TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.,Totolink,X6000r Firmware,9.8,CRITICAL,0.5105699896812439,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-46484,https://securityvulnerability.io/vulnerability/CVE-2023-46484,,An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-46485,https://securityvulnerability.io/vulnerability/CVE-2023-46485,,An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0