CVE-2024-1661 – Totolink X6000R shadow hard-coded credentials
https://notcve.org/view.php?id=CVE-2024-1661
A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md https://vuldb.com/?ctiid.254179 https://vuldb.com/?id.254179 • CWE-798: Use of Hard-coded Credentials •
CVE-2023-52038
https://notcve.org/view.php?id=CVE-2023-52038
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415C80. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-52039
https://notcve.org/view.php?id=CVE-2023-52039
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_415AA4. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-52040
https://notcve.org/view.php?id=CVE-2023-52040
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. Un problema descubierto en TOTOLINK X6000R v9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través de la función sub_41284C. • https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-253: Incorrect Check of Function Return Value •
CVE-2023-52042
https://notcve.org/view.php?id=CVE-2023-52042
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. Un problema descubierto en la función sub_4117F8 en TOTOLINK X6000R V9.4.0cu.852_B20230719 permite a atacantes ejecutar comandos arbitrarios a través del parámetro 'lang'. • https://kee02p.github.io/2024/01/13/CVE-2023-52042 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •