Version 9.4.0cu.652_b20230116

CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH CVSS 8.8 Published Mar 10, 2024

CVE-2023-46421

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46417

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46412

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.

UNKNOWN Published Oct 25, 2023

CVE-2023-46410

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.

UNKNOWN Published Oct 25, 2023

CVE-2023-46416

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46422

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46418

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46414

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46423

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46408

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.

UNKNOWN Published Oct 25, 2023

CVE-2023-46424

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46411

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.

UNKNOWN Published Oct 25, 2023

CVE-2023-46415

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46420

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46409

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.

UNKNOWN Published Oct 25, 2023

CVE-2023-46419

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.

UNKNOWN CVSS 8.8 Published Oct 25, 2023

CVE-2023-46413

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.

UNKNOWN Published Oct 25, 2023