CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-7907 – TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
https://notcve.org/view.php?id=CVE-2024-7907
18 Aug 2024 — A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/totolink/x6000R/setSyslogCfg_injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2353 – Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection
https://notcve.org/view.php?id=CVE-2024-2353
10 Mar 2024 — A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 2CVE-2024-1781 – Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg command injection
https://notcve.org/view.php?id=CVE-2024-1781
23 Feb 2024 — A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. • https://github.com/Icycu123/CVE-2024-1781 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1661 – Totolink X6000R shadow hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-1661
20 Feb 2024 — A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52038
https://notcve.org/view.php?id=CVE-2023-52038
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415C80. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52039
https://notcve.org/view.php?id=CVE-2023-52039
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415AA4. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52040
https://notcve.org/view.php?id=CVE-2023-52040
24 Jan 2024 — An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_41284C. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-253: Incorrect Check of Function Return Value •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52041
https://notcve.org/view.php?id=CVE-2023-52041
16 Jan 2024 — An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. Un problema descubierto en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar código arbitrario a través de la función sub_410118 del programa shttpd. • https://kee02p.github.io/2024/01/13/CVE-2023-52041 •
CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 1CVE-2023-52042
https://notcve.org/view.php?id=CVE-2023-52042
16 Jan 2024 — An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. Un problema descubierto en la función sub_4117F8 en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través del parámetro 'lang'. • https://kee02p.github.io/2024/01/13/CVE-2023-52042 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-50651
https://notcve.org/view.php?id=CVE-2023-50651
30 Dec 2023 — TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. Se descubrió que TOTOLINK X6000R v9.4.0cu.852_B20230719 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del componente /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •