X5000r Firmware Totolink X5000r Firmware

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Totolink X5000r Firmware.

By the Year

In 2025 there have been 0 vulnerabilities in Totolink X5000r Firmware. Last year, in 2024 X5000r Firmware had 11 security vulnerabilities published. Right now, X5000r Firmware is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 11 8.68
2023 1 9.80
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new X5000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink X5000r Firmware Security Vulnerabilities

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42739 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg

CVE-2024-42738 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist

CVE-2024-42737 8.8 - High - August 13, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg

CVE-2024-42748 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg

CVE-2024-42747 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg

CVE-2024-42745 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42744 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg

CVE-2024-42743 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42742 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

In TOTOLINK X5000r v9.1.0cu.2350_b20230313

CVE-2024-42741 8.8 - High - August 12, 2024

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Shell injection

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113

CVE-2024-25468 7.5 - High - February 17, 2024

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.

Shell injection

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection

CVE-2023-31569 9.8 - Critical - June 06, 2023

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Totolink X5000r Firmware or by Totolink? Click the Watch button to subscribe.

Totolink
Vendor

subscribe