Vulnerabilities > Totolink > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-02 CVE-2025-1829 OS Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329.
network
low complexity
totolink CWE-78
8.8
8.8
2025-02-16 CVE-2025-1340 Stack-based Buffer Overflow vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329.
network
low complexity
totolink CWE-121
8.8
8.8
2025-02-16 CVE-2025-1339 Command Injection vulnerability in Totolink X18 Firmware 9.1.0Cu.2024B20220329
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329.
network
low complexity
totolink CWE-77
8.8
8.8
2025-01-15 CVE-2024-57011 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57012 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57013 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57014 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57015 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57016 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
8.8
2025-01-15 CVE-2024-57017 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg.
network
low complexity
totolink CWE-78
8.8
8.8