An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
The vulnerability lies in the sub_415C80 function of the TOTOLINK X6000R device firmware. An attacker can supply specially crafted input data that is not properly filtered or validated, leading to execution of embedded system commands. The attack can be performed remotely over the network without requiring any privileges or user interaction.
An attacker can gain full control of the device by executing arbitrary system commands, resulting in complete loss of confidentiality, integrity, and availability of the device.
Security patches available from the manufacturer should be applied in accordance with the references. As a temporary measure, it is recommended to restrict access to the device's administrative panel only from trusted networks and to disable remote management through the WAN interface.
TOTOLINK X6000R firmware version v9.4.0cu.852_B20230719
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTotolink X6000r
HWTotolinkwszystkie wersjeTotolink X6000r Firmware
OSTotolink9.4.0cu.852_b20230719
Related vulnerabilities
OS Command Injection w TOTOLINK X6000R — zdalne wykonanie poleceń
OS Command Injection w firmware routera TOTOLINK X6000R
Command injection w TOTOLINK X6000R – zdalne wykonanie kodu bez uwierzytelnienia
Command injection w TOTOLINK X6000R — zdalne wykonanie poleceń bez uwierzytelnienia
Command injection w TOTOLINK X6000R umożliwia zdalne wykonanie kodu