cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52723,https://securityvulnerability.io/vulnerability/CVE-2024-52723,Command Execution Vulnerability in TOTOLINK X6000R Router Software,"An inherent vulnerability in the TOTOLINK X6000R router's software is identified as a flaw in the shttpd file, where the Uci_Set Str function is inadequately protected by parameter filtering. This oversight enables attackers to craft and submit malicious payloads, which can lead to arbitrary command execution. As a result, unauthorized users may gain control over the affected router's functionalities, posing a significant threat to network security and data integrity.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2024-11-22T16:15:00.000Z,0
CVE-2024-7907,https://securityvulnerability.io/vulnerability/CVE-2024-7907,Command Injection Vulnerability in TOTOLINK X6000R Router,"A critical command injection vulnerability exists in the TOTOLINK X6000R router, specifically affecting the setSyslogCfg function within the /cgi-bin/cstecgi.cgi file. By manipulating the rtLogServer argument, an attacker can execute arbitrary commands on the device. This vulnerability can be exploited remotely, posing a significant risk to users. The details were disclosed publicly, prompting immediate action from cybersecurity professionals. Unfortunately, the vendor did not respond to early notifications regarding this security issue.
Users of the affected product are advised to take necessary precautions, including updating their devices and monitoring for unusual activity.",TOTOLINK,X6000r Firmware,9.8,CRITICAL,0.005900000222027302,false,,false,false,false,,,false,false,,2024-08-18T16:15:00.000Z,0
CVE-2024-2353,https://securityvulnerability.io/vulnerability/CVE-2024-2353,OS Command Injection Vulnerability in Totolink X6000R Router,"A security vulnerability has been identified in the Totolink X6000R router, particularly within the 'setDiagnosisCfg' function of the '/cgi-bin/cstecgi.cgi' component known as shttpd. This vulnerability arises from improper handling of the 'ip' argument, which allows for OS command injection. Attackers can exploit this flaw remotely, potentially leading to unauthorized command execution on the device. The exploit has been made public, making it crucial for users to take immediate action to secure their devices. Early disclosures to the vendor went unanswered, raising concerns about timely remediation and response.",Totolink,X6000r,8.8,HIGH,0.0019000000320374966,false,,false,false,true,2024-03-10T07:31:04.000Z,true,false,false,,2024-03-10T07:31:04.225Z,0
CVE-2024-1661,https://securityvulnerability.io/vulnerability/CVE-2024-1661,Hard-coded Credentials Vulnerability in Totolink X6000R 9.4.0cu.852_B20230719,A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Totolink,X6000R,5.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-02-20T12:30:37.000Z,true,false,false,,2024-02-20T12:30:37.576Z,0
CVE-2023-52040,https://securityvulnerability.io/vulnerability/CVE-2023-52040,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A vulnerability identified in the TOTOLINK X6000R router enables attackers to execute arbitrary commands through the sub_41284C function. This flaw permits unauthorized access and manipulation of the device, potentially leading to compromised network security. Proper measures must be taken to evaluate and patch the affected versions to mitigate this security risk.",Totolink,X6000r Firmware,9.8,CRITICAL,0.05626999959349632,false,,false,false,false,,,false,false,,2024-01-24T00:00:00.000Z,0
CVE-2023-52039,https://securityvulnerability.io/vulnerability/CVE-2023-52039,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R Product,"The Totolink X6000R device has a vulnerability that enables attackers to execute arbitrary commands through the sub_415AA4 function. This issue poses significant risks to the integrity and confidentiality of system operations, allowing potential unauthorized access and control over affected devices. Administrators are advised to apply necessary security updates and configurations to mitigate these risks effectively.",Totolink,X6000r Firmware,9.8,CRITICAL,0.05626999959349632,false,,false,false,false,,,false,false,,2024-01-24T00:00:00.000Z,0
CVE-2023-52038,https://securityvulnerability.io/vulnerability/CVE-2023-52038,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A security flaw has been identified in the TOTOLINK X6000R router, specifically in version v9.4.0cu.852_B20230719.
This vulnerability permits attackers to execute arbitrary commands through the sub_415C80 function, potentially compromising the integrity and security of the device. Users of affected versions are recommended to apply patches or upgrades to mitigate the risk associated with this vulnerability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.05626999959349632,false,,false,false,false,,,false,false,,2024-01-24T00:00:00.000Z,0
CVE-2023-52042,https://securityvulnerability.io/vulnerability/CVE-2023-52042,Arbitrary Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A vulnerability exists in the sub_4117F8 function of TOTOLINK X6000R firmware version V9.4.0cu.852_B20230719, which enables attackers to execute arbitrary commands by manipulating the 'lang' parameter. This exploitation could potentially lead to unauthorized access and control over the affected device, posing a significant risk to users and their networks.",Totolink,X6000r Firmware,9.8,CRITICAL,0.04916999861598015,false,,false,false,false,,,false,false,,2024-01-16T00:00:00.000Z,0
CVE-2023-48799,https://securityvulnerability.io/vulnerability/CVE-2023-48799,Command Execution Vulnerability in TOTOLINK X6000R Firmware,"The TOTOLINK X6000R Firmware, specifically version V9.4.0cu.852_B20230719, is susceptible to a critical command execution vulnerability. This flaw allows an attacker to execute arbitrary commands remotely, potentially leading to unauthorized access and compromise of the device's functionality. Users of the affected firmware are strongly advised to apply available patches and update to the latest firmware version to mitigate risks associated with this vulnerability.
Compliance with security best practices remains essential to safeguarding network devices.",Totolink,X6000r Firmware,9.8,CRITICAL,0.013100000098347664,false,,false,false,false,,,false,false,,2023-12-04T00:00:00.000Z,0
CVE-2023-48800,https://securityvulnerability.io/vulnerability/CVE-2023-48800,Command Execution Vulnerability in TOTOLINK X6000R Firmware,"A command execution vulnerability exists in the TOTOLINK X6000R firmware due to improper handling of user input in the shttpd file. The sub_417338 function retrieves parameters from the front-end and uses the snprintf function to format them before passing them to the CsteSystem function, which can lead to unauthorized command execution by attackers. This poses a significant risk as malicious actors could exploit this flaw to gain control of affected devices, potentially compromising network security.",Totolink,X6000r Firmware,9.8,CRITICAL,0.008410000242292881,false,,false,false,false,,,false,false,,2023-12-04T00:00:00.000Z,0
CVE-2023-43454,https://securityvulnerability.io/vulnerability/CVE-2023-43454,Remote Code Execution Vulnerability in TOTOLINK X6000R Router Software,"A vulnerability in certain versions of the TOTOLINK X6000R router allows remote attackers to execute arbitrary code through manipulation of the hostName parameter in the switchOpMode component. Successful exploitation could lead to unauthorized access and control over the affected device, potentially compromising network integrity and user data.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2023-12-01T02:15:00.000Z,0
CVE-2023-43455,https://securityvulnerability.io/vulnerability/CVE-2023-43455,Remote Code Execution Vulnerability in TOTOLINK X6000R Router,"A remote code execution vulnerability exists in the TOTOLINK X6000R routers which allows an attacker to execute arbitrary code by manipulating the command parameter within the setting/setTracerouteCfg component.
This poses a significant security risk, as it can lead to unauthorized access and control over the device, potentially compromising the entire network connected to the router.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2023-12-01T02:15:00.000Z,0
CVE-2023-43453,https://securityvulnerability.io/vulnerability/CVE-2023-43453,Remote Code Execution Vulnerability in TOTOLINK X6000R Products,A remote code execution vulnerability exists in TOTOLINK X6000R versions V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719. This issue allows an attacker to execute arbitrary code by manipulating the IP parameter of the setDiagnosisCfg component. Users of these devices should implement security best practices to mitigate potential exploits.,Totolink,X6000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2023-12-01T02:15:00.000Z,0
CVE-2023-48801,https://securityvulnerability.io/vulnerability/CVE-2023-48801,Command Execution Vulnerability in TOTOLINK X6000R Firmware,"In certain versions of the TOTOLINK X6000R firmware, a vulnerability exists in the shttpd file, specifically in the sub_415534 function. This function improperly handles input fields retrieved from the front-end, concatenating them using the snprintf function without adequate sanitization. Consequently, this flaw allows for arbitrary command execution via the CsteSystem function, posing a significant security risk to affected systems.",Totolink,X6000r Firmware,9.8,CRITICAL,0.013100000098347664,false,,false,false,false,,,false,false,,2023-12-01T00:00:00.000Z,0
CVE-2023-48808,https://securityvulnerability.io/vulnerability/CVE-2023-48808,Command Execution Vulnerability in TOTOLINK X6000R Router,"A command execution vulnerability exists in the TOTOLINK X6000R router in version V9.4.0cu.852_B20230719. The vulnerability arises from the handling of inputs in the shttpd file within the sub_4119A0 function.
By manipulating front-end fields passed through the Uci_Set_Str function to the CsteSystem function, an attacker can execute arbitrary commands. This flaw poses a significant risk as it could potentially allow unauthorized control over the device, leading to a breach in network security.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48807,https://securityvulnerability.io/vulnerability/CVE-2023-48807,Command Execution Vulnerability in TOTOLINK X6000R Router,"The TOTOLINK X6000R router version V9.4.0cu.852_B20230719 contains a command execution vulnerability within the shttpd file. Specifically, the sub_4119A0 function improperly handles input parameters from the front-end, allowing an attacker to exploit the Uci_Set_The_Str function when it interacts with the CsteSystem function. This flaw creates opportunities for unauthorized command execution, potentially compromising the router's security and enabling attackers to manipulate the system.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48806,https://securityvulnerability.io/vulnerability/CVE-2023-48806,Command Execution Vulnerability in TOTOLINK X6000R Router,"The TOTOLINK X6000R router has a command execution vulnerability due to improper handling of user input in the shttpd file. The sub_4119A0 function processes fields from the front-end using the Uci_Set_Str function. When the data is passed to the CsteSystem function, it permits an attacker to execute arbitrary commands on the system.
This flaw highlights the importance of validating inputs to safeguard against unauthorized system access.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48802,https://securityvulnerability.io/vulnerability/CVE-2023-48802,Command Execution Vulnerability in TOTOLINK X6000R Product,"The TOTOLINK X6000R has a command execution vulnerability found in the shttpd file. Specifically, the sub_4119A0 function is susceptible to exploitation through improper handling of input fields via the Uci_Set_Str function, which can lead to unauthorized command execution when utilized within the CsteSystem function. This flaw may allow attackers to execute arbitrary commands on the device, posing a risk to security and stability.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48804,https://securityvulnerability.io/vulnerability/CVE-2023-48804,Command Execution Vulnerability in TOTOLINK X6000R Router,"The TOTOLINK X6000R router is susceptible to a command execution vulnerability stemming from improper handling of input in the shttpd file. The sub_4119A0 function retrieves parameters from the front-end via Uci_Set_The_Str, which, when processed through the CsteSystem function, opens the door for unauthorized command execution. This flaw highlights significant security risks, allowing attackers to potentially manipulate system commands, impacting the overall integrity and security of affected devices.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48803,https://securityvulnerability.io/vulnerability/CVE-2023-48803,Command Execution Vulnerability in TOTOLINK X6000R,"The TOTOLINK X6000R router is vulnerable due to a command execution flaw in the shttpd file, specifically within the sub_4119A0 function.
This function improperly processes input from the front-end, allowing the Uci_Set_Str function to pass unvalidated fields to the CsteSystem function. This can lead to unauthorized command execution, posing significant security risks to users if exploited.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48805,https://securityvulnerability.io/vulnerability/CVE-2023-48805,Command Execution Vulnerability in TOTOLINK X6000R Router,"A command execution vulnerability exists in the TOTOLINK X6000R due to improper handling of input within the shttpd file's sub_4119A0 function. When this function processes fields from the front-end using Uci_Set_The_Str, it becomes susceptible to exploitation via the CsteSystem function, allowing unauthorized command execution.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48812,https://securityvulnerability.io/vulnerability/CVE-2023-48812,Command Execution Vulnerability in TOTOLINK X6000R Router,"A command execution vulnerability exists in the TOTOLINK X6000R, specifically in the shttpd file's sub_4119A0 function. The vulnerability arises due to improper handling of user input, where fields obtained from the front-end via the Uci_Set_The_Str function can be exploited if passed to the CsteSystem function.
This flaw can allow malicious actors to execute arbitrary commands, potentially compromising the security of the device and the network it operates on.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48811,https://securityvulnerability.io/vulnerability/CVE-2023-48811,Command Execution Vulnerability in TOTOLINK X6000R Router,"A vulnerability in the TOTOLINK X6000R router allows an attacker to execute arbitrary commands through the malformed handling of input fields in the shttpd file. The flaw arises from the sub_4119A0 function improperly utilizing the Uci_Set_Str function which is subsequently passed to the CsteSystem function, enabling unauthorized command execution on the device. This could lead to unauthorized access and potential exposure of sensitive information.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-48810,https://securityvulnerability.io/vulnerability/CVE-2023-48810,Command Execution Vulnerability in TOTOLINK X6000R by TOTOLINK,"A command execution vulnerability has been identified in the TOTOLINK X6000R router, specifically in the handling of fields from the front-end within the shttpd file. The affected function, sub_4119A0, improperly uses user input when it calls the CsteSystem function after passing through the Uci_Set_The_Str function. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the integrity and security of the system and any connected networks.",Totolink,X6000r Firmware,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2023-11-30T00:00:00.000Z,0
CVE-2023-46978,https://securityvulnerability.io/vulnerability/CVE-2023-46978,Incorrect Access Control in TOTOLINK Product Affects User Account Security,"The TOTOLINK X6000R router is susceptible to an incorrect access control vulnerability.
This allows an attacker to reset both login and Wi-Fi passwords without the need for any form of authentication. Such a security flaw can lead to unauthorized access to the router settings and user data, compromising the integrity and confidentiality of the affected network.",Totolink,X6000r Firmware,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-31T00:00:00.000Z,0