Totolink X5000r Firmware


By the Year

In 2026 there have been 0 vulnerabilities in Totolink X5000r Firmware. Last year, in 2025, X5000r Firmware had 18 security vulnerabilities published. Right now, X5000r Firmware is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 18 | 8.61 |
| 2024 | 21 | 8.68 |
| 2023 | 2 | 9.80 |

It may take a day or so for new X5000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink X5000r Firmware Security Vulnerabilities

Cmd Injection via snprintf in TOTOLINK X5000R 9.1.0 (exportOvpn)
CVE-2025-14586 6.3 - Medium - December 13, 2025

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes OS command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Shell injection

Command Injection in Totolink X5000R v9.1.0u via vif_disable (mtkwifi.lua)
CVE-2025-25604 - February 21, 2025

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.

Totolink X5000R V9.1.0u.6369 Command Injection via mtkwifi.lua
CVE-2025-25605 - February 21, 2025

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.

OS Command Injection in TOTOLINK X5000R 9.1.0cu.2350 (hour param)
CVE-2024-57015 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.

Shell injection

CMD Injection in setWiFiScheduleCfg on TOTOLINK X5000R v9.1.0cu.2350
CVE-2024-57023 - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.

TOTOLINK X5000R V9.1.0cu.2350 OS Command Injection via eMinute in setWiFiScheduleCfg
CVE-2024-57024 - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.

TOTOLINK X5000R V9.1 Command Injection via setWiFiScheduleCfg desc
CVE-2024-57025 - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg.

TOTOLINK X5000R V9.1.0cu.2350 OS Command Injection via minute param
CVE-2024-57011 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameter in setScheduleCfg.

Shell injection

TOTOLINK X5000R V9.1.0cu OS Command Injection via setScheduleCfg 'week' param
CVE-2024-57012 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.

Shell injection

OS Command Injection in TOTOLINK X5000R v9.1.0cu via switch param
CVE-2024-57013 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.

Shell injection

OS Command Injection in TOTOLINK X5000R 9.1.0cu.2350_B20230313 via recHour
CVE-2024-57014 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.

Shell injection

OS Command Injection in TOTOLINK X5000R setVpnAccountCfg before v9.1.0cu.2350
CVE-2024-57016 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.

Shell injection

OS Command Injection via pass param in setVpnAccountCfg on TOTOLINK X5000R V9
CVE-2024-57017 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.

Shell injection

TOTOLINK X5000R V9.1.0 OS Command Injection via setVpnAccountCfg Desc Param
CVE-2024-57018 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg.

Shell injection

TOTOLINK X5000R V9.1 OS Command Injection via setVpnAccountCfg limit
CVE-2024-57019 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.

Shell injection

TOTOLINK X5000R OS Command Injection via eHour param (V9.1.0cu)
CVE-2024-57021 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.

Shell injection

OS Command Injection in TOTOLINK X5000R v9.1.0cu via sHour
CVE-2024-57022 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg.

Shell injection

CMD Injection in TOTOLINK X5000R V9.1.0 setWiFiScheduleCfg
CVE-2024-57020 8.8 - High - January 15, 2025

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg.

Shell injection

OS Command Injection in cstecgi.cgi (Totolink X5000r v9.1.0cu)
CVE-2024-42738 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r OS Command Injection via /cgi-bin/cstecgi.cgi (v9.1.0cu)
CVE-2024-42737 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r 9.1.0cu Command Injection Vulnerability
CVE-2024-42736 - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Totolink X5000r v9.1.0cu OS Command Injection via cstecgi.cgi setLedCfg
CVE-2024-42740 - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

OS Command Injection in TOTOLINK X5000r v9.1.0 CGI
CVE-2024-42739 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r v9.1.0 OS Command Injection via cstecgi.cgi
CVE-2024-42742 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r v9.1.0cu.2350_b20230313 OS Command Injection in cstecgi.cgi
CVE-2024-42743 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r 9.1.0cu: cstecgi CGI OS Command Injection
CVE-2024-42744 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

OS Command Injection in TOTOLINK X5000r v9.1.0cu.2350 (cgi-bin/cstecgi.cgi)
CVE-2024-42745 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r <9.1.0cu.2350: OS Command Injection in cstecgi.cgi
CVE-2024-42748 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

OS Command Injection in TOTOLINK X5000r v9.1 Targeting setWanIeCfg
CVE-2024-42747 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

TOTOLINK X5000r OS Command Injection in /cgi-bin/cstecgi.cgi (v9.1.0cu.2350)
CVE-2024-42741 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated attackers can send a malicious packet to execute arbitrary commands.

Shell injection

Command Injection via 'port' param in TOTOLINK X5000R V9.1.0 setSSServer CGI
CVE-2024-32353 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

Auth RCE via mtu in cstecgi.cgi on TOTOLINK X5000R v9.1.0cu.2350_B20230313
CVE-2024-32349 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameter in the "cstecgi.cgi" binary.

TOTOLINK X5000R V9.1.0 RCE Authenticated via ipsecPsk in cstecgi.cgi
CVE-2024-32350 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.

TOTOLINK X5000R RCE via 'mru' in cstecgi.cgi (pre-9.1)
CVE-2024-32351 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.

Authenticated RCE via ipsecL2tpEnable in cstecgi.cgi TOTOLINK X5000R v9.1.0
CVE-2024-32352 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.

Command Injection in TOTOLINK X5000R V9.1.0cu.2350 via timeout param
CVE-2024-32354 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.

TOTOLINK X5000R V9.1.0cu.2350 cmd-injection via password param
CVE-2024-32355 - May 14, 2024

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.

TOTOLINK X5000R v9.1.0cu.2350_B20230313 cmd inj via disconnectVPN
CVE-2024-34921 - May 14, 2024

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.

TOTOLINK X5000R V9.1.0u.6369_B20230113: DoS via host_time in NTPSyncWithHost
CVE-2024-25468 7.5 - High - February 17, 2024

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.

Shell injection

Command Injection via setWanCfg (Totolink X5000R v9.1.0cu.2350_B20230313)
CVE-2023-31569 9.8 - Critical - June 06, 2023

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.

Command Injection

Cmd Injection in Totolink X5000R v9.1.0u setTracerouteCfg CVE-2023-30013
CVE-2023-30013 9.8 - Critical - May 05, 2023

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

Shell injection
