CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1661 – Totolink X6000R shadow hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-1661
20 Feb 2024 — A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52038
https://notcve.org/view.php?id=CVE-2023-52038
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415C80. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52039
https://notcve.org/view.php?id=CVE-2023-52039
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415AA4. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52040
https://notcve.org/view.php?id=CVE-2023-52040
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_41284C. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-253: Incorrect Check of Function Return Value •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52041
https://notcve.org/view.php?id=CVE-2023-52041
16 Jan 2024 — An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. Un problema descubierto en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar código arbitrario a través de la función sub_410118 del programa shttpd. • https://kee02p.github.io/2024/01/13/CVE-2023-52041 •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52042
https://notcve.org/view.php?id=CVE-2023-52042
16 Jan 2024 — An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. Un problema descubierto en la función sub_4117F8 en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través del parámetro 'lang'. • https://kee02p.github.io/2024/01/13/CVE-2023-52042 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-50651
https://notcve.org/view.php?id=CVE-2023-50651
30 Dec 2023 — TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. Se descubrió que TOTOLINK X6000R v9.4.0cu.852_B20230719 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del componente /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2023-48799
https://notcve.org/view.php?id=CVE-2023-48799
04 Dec 2023 — TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 es vulnerable a la ejecución de comandos. • https://palm-jump-676.notion.site/CVE-2023-48799-632dd667b4574a2c84b04035d04afb5c •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-48800
https://notcve.org/view.php?id=CVE-2023-48800
04 Dec 2023 — In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. En TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, la función del archivo shttpd sub_417338 obtiene campos del front-end, los conecta a través de la función snprintf y los pasa a la función CsteSystem, lo que genera una vulnerabilidad de ejecución de ... • https://palm-jump-676.notion.site/CVE-2023-48800-ad96548d06c645738daf3ab77575fd74 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2023-48801
https://notcve.org/view.php?id=CVE-2023-48801
01 Dec 2023 — In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. En TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, la función del archivo shttpd sub_415534 obtiene campos del front-end, los conecta a través de la función snprintf y los pasa a la función CsteSystem, lo que genera una vulnerabilidad de ejecución de ... • https://palm-jump-676.notion.site/CVE-2023-48801-40d4553fc7a649fe833201fcecf76f2b • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •