X6000r
This hub aggregates every CVE we track for X6000r, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
24
CVEs tracked
15
Critical
5
High
0
In CISA KEV
Severity distribution
CRITICAL15HIGH5MEDIUM3LOW1
Monthly trend
1
0
0
0
0
0
1
0
0
0
0
1
0
5
0
0
0
0
1
1
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting X6000r.
- CVE-2026-4611TOTOLINK X6000R shttpd setLanCfg privilege escalation7.2
- CVE-2025-70328TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via su...8.8
- CVE-2025-11005TOTOLINK X6000R Unauthenticated Command Injection Vulnerability9.8
- CVE-2025-52907TOTOLINK X6000R Security Bypass Vulnerability8.8
- CVE-2025-52906TOTOLINK X6000R Command Injection Vulnerability9.8
- CVE-2025-52905TOTOLINK X6000R Argument Injection Vulnerability7.5
- CVE-2025-52053TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated atta...9.8
- CVE-2025-52284Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers t...6.5
- CVE-2025-25524Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who succ...5.1
- CVE-2024-7907TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection6.3
- CVE-2024-2353Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection8.8
- CVE-2024-1661Totolink X6000R shadow hard-coded credentials2.5
- CVE-2023-52041An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.9.8
- CVE-2023-48800In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSy...9.8
- CVE-2023-48804In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a...9.8
Product normalization is registry-driven with AI assist and human review. How it works