cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25604,https://securityvulnerability.io/vulnerability/CVE-2025-25604,Command Injection Vulnerability in Totolink X5000R,"The Totolink X5000R version V9.1.0u.6369_B20230113 has a critical command injection vulnerability within its vif_disable function located in mtkwifi.lua. This flaw allows attackers to execute arbitrary commands on the affected system. Exploitation of this vulnerability could lead to unauthorized access and control over the device, compromising network integrity and data security. It is essential for users to apply relevant security patches to safeguard their systems from potential exploits.",Totolink,X5000R,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-21T00:00:00.000Z,0
CVE-2025-25605,https://securityvulnerability.io/vulnerability/CVE-2025-25605,Command Injection Vulnerability in Totolink X5000R by Totolink,"The Totolink X5000R router, specifically version V9.1.0u.6369_B20230113, is susceptible to a command injection vulnerability via the 'apcli_wps_gen_pincode' function located in the mtkwifi.lua file. This flaw could allow unauthorized attackers to execute arbitrary commands on the device, potentially compromising its security and functionality. Users are urged to evaluate their systems for this vulnerability and apply necessary mitigations.",Totolink,X5000R,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-21T00:00:00.000Z,0
CVE-2025-1340,https://securityvulnerability.io/vulnerability/CVE-2025-1340,Stack-Based Buffer Overflow Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 router, specifically within the setPasswordCfg function of the cstecgi.cgi file. This flaw can lead to a stack-based buffer overflow, allowing remote attackers to exploit the device without needing physical access. The issue has been publicly disclosed, raising the stakes for users to safeguard their networks against potential malicious activities. The vendor was notified prior to this disclosure but did not provide a response.",Totolink,X18,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-02-16T13:31:05.000Z,true,false,false,,2025-02-16T13:31:05.705Z,239
CVE-2025-1339,https://securityvulnerability.io/vulnerability/CVE-2025-1339,OS Command Injection Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 Router, specifically in the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. This issue allows for potential OS command injection through manipulation of the argument 'enable.' The vulnerability can be exploited remotely, raising concerns about unauthorized access and control over the router. Despite early disclosure to the vendor, no response was received, leaving the security of users at risk. Mitigation efforts are recommended to prevent exploitation.",Totolink,X18,5.3,MEDIUM,0.0006600000197067857,false,,false,false,true,2025-02-16T12:00:19.000Z,true,false,false,,2025-02-16T12:00:19.638Z,0
CVE-2025-25524,https://securityvulnerability.io/vulnerability/CVE-2025-25524,Buffer Overflow Vulnerability in TOTOLink X6000R Routers,"A buffer overflow vulnerability exists in TOTOLink X6000R routers due to insufficient length verification in the handling of Wi-Fi filtering rules. This oversight can be exploited by attackers to crash the affected router or execute arbitrary commands remotely, which poses a significant security risk to users relying on these devices for network connectivity.",TOTOLink,X6000R,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T00:00:00.000Z,0
CVE-2024-57036,https://securityvulnerability.io/vulnerability/CVE-2024-57036,Command Injection Vulnerability in TOTOLINK Router,"The TOTOLINK A810R router is susceptible to a command injection vulnerability within the downloadFile.cgi function. This flaw enables a malicious actor to craft specific HTTP requests that can execute arbitrary commands on the router's system, potentially compromising device integrity and network security. Users are encouraged to update their firmware to protect against this vulnerability.",TOTOLINK,A810R,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-57020,https://securityvulnerability.io/vulnerability/CVE-2024-57020,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router has a vulnerability that allows for OS command injection through the 'sMinute' parameter in the setWiFiScheduleCfg function. This weakness can be exploited by sending crafted requests to the router, potentially allowing an attacker to execute arbitrary commands on the device's operating system. This could lead to unauthorized access and control over the network device, posing significant risks to the security of the connected network.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57024,https://securityvulnerability.io/vulnerability/CVE-2024-57024,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router, specifically version V9.1.0cu.2350_B20230313, is affected by an OS command injection vulnerability. This issue arises from improper handling of the 'eMinute' parameter in the setWiFiScheduleCfg function, potentially allowing an attacker to execute arbitrary OS commands on the device. This vulnerability can lead to unauthorized access and manipulation of the router's settings, posing a significant security risk. Users are advised to update their devices and implement additional security measures to mitigate potential exploitation.",TOTOLINK,X5000R,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57015,https://securityvulnerability.io/vulnerability/CVE-2024-57015,OS Command Injection in TOTOLINK X5000R Router,"The TOTOLINK X5000R router, specifically version V9.1.0cu.2350_B20230313, has a critical vulnerability that allows for OS command injection through the 'hour' parameter in the setScheduleCfg function. This flaw can be exploited by an unauthorized attacker to execute arbitrary commands on the affected device, potentially leading to a complete compromise of the system. Users are urged to apply the necessary updates and configure their devices to mitigate risk.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57019,https://securityvulnerability.io/vulnerability/CVE-2024-57019,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R Router is affected by an OS command injection vulnerability that arises from improper handling of the 'limit' parameter within the setVpnAccountCfg function. This flaw can be exploited by an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the device. Users are advised to be vigilant and apply necessary security measures to mitigate this risk.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57021,https://securityvulnerability.io/vulnerability/CVE-2024-57021,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is impacted by an OS command injection vulnerability through the 'eHour' parameter in the setWiFiScheduleCfg function. Attackers can exploit this flaw to execute arbitrary OS commands, which could lead to unauthorized access or control over the device. This issue highlights the importance of securing device configurations and monitoring for unusual behaviors in network equipment.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57014,https://securityvulnerability.io/vulnerability/CVE-2024-57014,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router, specifically version V9.1.0cu.2350_B20230313, is susceptible to an OS command injection through the 'recHour' parameter in the setScheduleCfg function. This vulnerability may allow an attacker to execute arbitrary commands on the affected device, posing potential risks to the confidentiality, integrity, and availability of the system. Users are advised to update their firmware to mitigate this vulnerability.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57018,https://securityvulnerability.io/vulnerability/CVE-2024-57018,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router suffers from an OS command injection vulnerability that can be exploited through the 'desc' parameter in the setVpnAccountCfg function. This flaw allows attackers to execute arbitrary commands on the underlying operating system, potentially compromising the device's integrity and security. Users are advised to apply necessary security patches and follow best practices to secure their devices against potential exploitation.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57023,https://securityvulnerability.io/vulnerability/CVE-2024-57023,OS Command Injection Vulnerability in TOTOLINK X5000R Product,"The TOTOLINK X5000R router has a vulnerability that allows an attacker to execute arbitrary OS commands through the manipulation of the 'week' parameter in the setWiFiScheduleCfg function. This could potentially enable unauthorized access and control over the device, compromising the security of the network.",TOTOLINK,X5000R,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57022,https://securityvulnerability.io/vulnerability/CVE-2024-57022,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router version V9.1.0cu.2350_B20230313 is vulnerable to an OS command injection attack. This vulnerability arises from improper handling of the 'sHour' parameter in the 'setWiFiScheduleCfg' function. An attacker could exploit this vulnerability to execute arbitrary commands on the operating system, potentially leading to unauthorized access or control over the device, compromising the security of the entire network.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57016,https://securityvulnerability.io/vulnerability/CVE-2024-57016,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router has been identified to have an OS command injection vulnerability through the 'user' parameter in the setVpnAccountCfg function. This vulnerability could allow unauthorized users to execute arbitrary commands on the underlying operating system, leading to potential unauthorized access and data compromise. It is essential for users of this router model to apply available patches and to review their security configurations to mitigate any associated risks.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57012,https://securityvulnerability.io/vulnerability/CVE-2024-57012,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is susceptible to an OS command injection vulnerability that can be exploited through the 'week' parameter in the setScheduleCfg function. An attacker could leverage this flaw to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and manipulation of the router's operating system.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57025,https://securityvulnerability.io/vulnerability/CVE-2024-57025,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"An OS command injection vulnerability has been identified in the TOTOLINK X5000R router. This issue arises from improper validation of the 'desc' parameter in the setWiFiScheduleCfg function, which allows attackers to execute arbitrary operating system commands. When exploited, this vulnerability may lead to unauthorized access or control over the device, potentially compromising the security and privacy of users' networks.",TOTOLINK,X5000R Router,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57011,https://securityvulnerability.io/vulnerability/CVE-2024-57011,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"An OS command injection vulnerability exists in TOTOLINK X5000R routers, specifically affecting version V9.1.0cu.2350_B20230313 through the 'minute' parameters in setScheduleCfg. This vulnerability allows attackers to execute arbitrary commands via the input fields, potentially compromising the device's integrity and exposing sensitive data. It is critical for users to implement security measures and updates to safeguard their networks from unauthorized access.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57017,https://securityvulnerability.io/vulnerability/CVE-2024-57017,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R Router has been identified with an OS command injection vulnerability impacting the 'pass' parameter within the setVpnAccountCfg function. Exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially compromising the integrity and confidentiality of the network. It is crucial for users of the affected version to apply security measures to mitigate the risk of unauthorized access and exploitation.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57013,https://securityvulnerability.io/vulnerability/CVE-2024-57013,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is affected by an OS command injection vulnerability that can be exploited through the 'switch' parameter within the setScheduleCfg configuration. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access, data manipulation, or complete compromise of the device's functionality. Users are urged to review their router settings and apply any available updates to secure their devices against potential threats.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57211,https://securityvulnerability.io/vulnerability/CVE-2024-57211,Command Injection Vulnerability in TOTOLINK A6000R Router,"The TOTOLINK A6000R router has been identified to have a command injection vulnerability through the modifyOne parameter in its enable_wsh function. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising its integrity and exposing sensitive data. Immediate action is recommended to mitigate any risks associated with this security flaw.",TOTOLINK,,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T17:15:00.000Z,0
CVE-2024-57212,https://securityvulnerability.io/vulnerability/CVE-2024-57212,Command Injection Vulnerability in TOTOLINK A6000R Router,"The TOTOLINK A6000R Router firmware version V1.0.1-B20201211.2000 is susceptible to a command injection vulnerability through the opmode parameter in the action_reboot function. Exploiting this flaw may allow an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and control over the router. Users are advised to review their firmware versions and take appropriate actions to mitigate this risk.",TOTOLINK,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T17:15:00.000Z,0
CVE-2024-57213,https://securityvulnerability.io/vulnerability/CVE-2024-57213,Command Injection Vulnerability in TOTOLINK A6000R Router,"The TOTOLINK A6000R router is vulnerable to a command injection flaw that arises from improper handling of the newpasswd parameter within the action_passwd function. This vulnerability enables attackers to execute arbitrary commands on the device, potentially leading to a full compromise of the router's functionality and security. To mitigate this risk, users are advised to update to the latest firmware version and implement secure password practices.",TOTOLINK,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T17:15:00.000Z,0
CVE-2024-57214,https://securityvulnerability.io/vulnerability/CVE-2024-57214,Command Injection Vulnerability in TOTOLINK A6000R Router,"The TOTOLINK A6000R router version V1.0.1-B20201211.2000 is susceptible to a command injection vulnerability found in the reset_wifi function. This flaw arises due to improper handling of the devname parameter, which could allow an attacker to execute arbitrary commands on the device. Exploiting this vulnerability could compromise the router's integrity, potentially leading to unauthorized access and control over the network. Users of the affected version are advised to monitor their configurations and apply necessary safeguards to protect their devices.",TOTOLINK,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T17:15:00.000Z,0