Totolink X5000r Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink X5000r Firmware.
By the Year
In 2025 there have been 0 vulnerabilities in Totolink X5000r Firmware. Last year, in 2024 X5000r Firmware had 11 security vulnerabilities published. Right now, X5000r Firmware is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 11 | 8.68 |
2023 | 1 | 9.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new X5000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink X5000r Firmware Security Vulnerabilities
In TOTOLINK X5000r v9.1.0cu.2350_b20230313
CVE-2024-42739
8.8 - High
- August 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg
CVE-2024-42738
8.8 - High
- August 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist
CVE-2024-42737
8.8 - High
- August 13, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg
CVE-2024-42748
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg
CVE-2024-42747
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg
CVE-2024-42745
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313
CVE-2024-42744
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg
CVE-2024-42743
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313
CVE-2024-42742
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
In TOTOLINK X5000r v9.1.0cu.2350_b20230313
CVE-2024-42741
8.8 - High
- August 12, 2024
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
Shell injection
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113
CVE-2024-25468
7.5 - High
- February 17, 2024
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.
Shell injection
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection
CVE-2023-31569
9.8 - Critical
- June 06, 2023
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink X5000r Firmware or by Totolink? Click the Watch button to subscribe.