📦 X5000r Firmware
by Totolink
🔍 What is X5000r Firmware?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This critical vulnerability allows unauthenticated attackers to enable Telnet service and gain root access with blank password on Totolink X5000R routers. Attackers can execute arbitrary commands as r...
This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands through the 'port' parameter in the setSSServer function. Attackers ...
A buffer overflow vulnerability in TOTOLink routers allows remote attackers to execute arbitrary code or cause denial of service by sending specially crafted data to the IP field. This affects TOTOLin...
This vulnerability allows remote attackers to execute arbitrary code on affected TOTOLINK routers via a stack overflow in the setLanguageCfg function. Attackers can exploit this by sending specially c...
This vulnerability allows remote attackers to execute arbitrary code on affected TOTOLINK X5000R routers by sending specially crafted requests to the setLanguageCfg function's lang parameter. Attacker...
This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers via command injection in the setWanCfg function. Attackers can gain full control of affected devices...
This CVE describes a command injection vulnerability in TOTOLINK X5000R routers that allows remote attackers to execute arbitrary commands via the 'command' parameter in the setTracerouteCfg endpoint....
This CVE describes a critical command injection vulnerability in Totolink routers that allows attackers to execute arbitrary system commands via the Tunnel 6rd function. Attackers can exploit this by ...
This CVE describes a critical command injection vulnerability in Totolink routers that allows attackers to execute arbitrary commands via the hostName parameter in the setWanCfg function. Attackers ca...
This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands into the NTPSyncWithHost function's host_time parameter. Attackers c...
This critical vulnerability in TOTOLINK X5000R routers allows attackers to execute arbitrary system commands through the firmware upload function. Attackers can gain complete control of affected devic...
This CVE describes a critical command injection vulnerability in TOTOLINK routers that allows remote attackers to execute arbitrary operating system commands by sending specially crafted HTTP requests...
This CVE describes a critical command injection vulnerability in TOTOLINK X5000R and A720R routers that allows remote attackers to execute arbitrary operating system commands by sending specially craf...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the sHour parameter in the setWiFiScheduleC...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands into the 'minute' parameter of the setScheduleCfg f...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious payloads into the 'week' parameter of the setScheduleCfg fun...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers can execute arbitrary commands via the 'switch' parameter in the setScheduleCfg function. This allow...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the 'recHour' parameter in the setScheduleC...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers can execute arbitrary commands via the 'hour' parameter in the setScheduleCfg function. This allows ...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'user' parameter in the setVpnAccountCfg function. This all...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the 'pass' parameter in the setVpnAccountCf...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the 'desc' parameter in the setVpnAccountCf...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the 'limit' parameter in the setVpnAccountC...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the sMinute parameter in the setWiFiSchedul...
This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLINK X5000R routers by injecting malicious commands through the eHour parameter in the setWiFiScheduleC...
This vulnerability allows authenticated attackers to execute arbitrary operating system commands on TOTOLINK X5000r routers through command injection in the delBlacklist function. Attackers can gain f...
This CVE describes an authenticated OS command injection vulnerability in TOTOLINK X5000r routers. Attackers with valid credentials can execute arbitrary commands on the device by sending malicious pa...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000r routers that allows authenticated attackers to execute arbitrary commands on the device. The vulnerability exists in the set...
This CVE describes an authenticated OS command injection vulnerability in TOTOLINK X5000r routers. Attackers with valid credentials can send specially crafted packets to execute arbitrary commands on ...
This vulnerability allows authenticated attackers to execute arbitrary operating system commands on TOTOLINK X5000r routers through command injection in the WiFi WPS configuration function. Attackers ...
This vulnerability allows authenticated attackers to execute arbitrary operating system commands on TOTOLINK X5000r routers by sending malicious packets to a specific CGI endpoint. Attackers with vali...
This vulnerability allows authenticated attackers to execute arbitrary commands on TOTOLINK X5000R routers by manipulating the ipsecL2tpEnable parameter in the cstecgi.cgi binary. It affects users run...
This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers by injecting malicious commands into the 'password' parameter of the setSSServer function. Attackers...
This vulnerability allows authenticated attackers to execute arbitrary commands on TOTOLINK X5000R routers by exploiting improper input validation in the ipsecPsk parameter. Attackers with valid crede...
This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X5000R routers via the disconnectVPN function. Attackers can gain full control of affected devices, potentially com...
This vulnerability allows attackers to intercept administrator credentials for TOTOLINK X5000R routers because the admin interface uses unencrypted HTTP instead of HTTPS. Anyone using the affected rou...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers. Attackers can exploit the 'exportOvpn' function via the web interface to execute arbitrary commands on the device. ...
This CVE describes a command injection vulnerability in TOTOLINK X5000R routers affecting the sub_410C34 function in the cgi-bin/cstecgi.cgi file. Attackers can manipulate the 'pid' argument to execut...
This vulnerability allows remote attackers to execute arbitrary commands on Totolink X5000R routers through command injection in the apcli_wps_gen_pincode function. Attackers can gain full control of ...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacker can execute arbitrary commands via the 'week' parameter in the setWiFiScheduleCfg function. This a...
This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers via the 'desc' parameter in the setWiFiScheduleCfg function. Attackers can execute arbitrary commands with router pr...