Totolink A6000r Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink A6000r Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Totolink A6000r Firmware. Last year, in 2025 A6000r Firmware had 5 security vulnerabilities published. Right now, A6000r Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 9.80 |
| 2024 | 8 | 9.80 |
It may take a day or so for new A6000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink A6000r Firmware Security Vulnerabilities
TOTOLINK A6000R 1.0.1B: Remote Command Injection via apcli_cancel_wps
CVE-2025-3249
9.8 - Critical
- April 04, 2025
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Command injection in TOTOLINK A6000R reset_wifi function (V1.0.1-B20201211.2000)
CVE-2024-57214
- January 10, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
TOTOLINK A6000R V1.0.1 Command Injection via newpasswd (action_passwd)
CVE-2024-57213
- January 10, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
Command Injection v1.0.1 via opmode in action_reboot TOTOLINK A6000R
CVE-2024-57212
- January 10, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
Command Injection in TOTOLINK A6000R V1.0.1 via enable_wsh.modifyOne
CVE-2024-57211
- January 10, 2025
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
TOTOLINK A6000R V1.0.1 Command Injection via webcmd cmd param
CVE-2024-41319
9.8 - Critical
- July 23, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
Command Injection
TOTOLINK A6000R V1.0.1 Command Injection via ifname (get_apcli_conn_info)
CVE-2024-41320
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
Command Injection in TOTOLINK A6000R V1.0.1 via apcli_wps_gen_pincode
CVE-2024-41318
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
Command Injection in TOTOLINK A6000R V1.0.1 Router via apcli_do_enr_pbc_wps
CVE-2024-41317
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
Cmd Injection in TOTOLINK A6000R v1.0.1 apcli_cancel_wps ifname
CVE-2024-41316
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
Command Injection in TOTOLINK A6000R V1.0.1 via ifname (apcli_do_enr_pin_wps)
CVE-2024-41315
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
Command Injection in Totolink A6000R V1.0.1 via iface (CVE-2024-41314)
CVE-2024-41314
- July 22, 2024
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
Command Injection in TOTOLINK A6000R V1.0.1 via vif_enable iface param
CVE-2024-37626
- June 20, 2024
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink A6000r Firmware or by Totolink? Click the Watch button to subscribe.
