Totolink X6000r Firmware


By the Year

In 2025 there have been 0 vulnerabilities in Totolink X6000r Firmware. Last year, in 2024, X6000r Firmware had 6 security vulnerabilities published. Right now, X6000r Firmware is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year  Vulnerabilities  Average Score
2025  0                0.00
2024  6                8.92
2023  15               9.65
2022  0                0.00
2021  0                0.00
2020  0                0.00
2019  0                0.00
2018  0                0.00

It may take a day or so for new X6000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink X6000r Firmware Security Vulnerabilities

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering

CVE-2024-52723 9.8 - Critical - November 22, 2024

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Shell injection

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719

CVE-2024-7907 9.8 - Critical - August 18, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719

CVE-2024-2353 8.8 - High - March 10, 2024

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Shell injection

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719

CVE-2024-1661 5.5 - Medium - February 20, 2024

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Use of Hard-coded Credentials

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719

CVE-2023-52040 9.8 - Critical - January 24, 2024

An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

Command Injection

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719

CVE-2023-52042 9.8 - Critical - January 16, 2024

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719

CVE-2023-46484 9.8 - Critical - October 31, 2023

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.

Command Injection

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719

CVE-2023-46485 9.8 - Critical - October 31, 2023

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.

Command Injection

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability

CVE-2023-46979 9.8 - Critical - October 31, 2023

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.

Command Injection

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control

CVE-2023-46978 7.5 - High - October 31, 2023

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset login password & WIFI passwords without authentication.

Missing Authentication for Critical Function

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46423 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46422 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46421 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46420 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46419 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46418 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46417 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46416 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46415 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46414 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function.

Command Injection

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability

CVE-2023-46424 9.8 - Critical - October 25, 2023

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.

Command Injection
