Skip to main content

X6000r Firmware CVE-2025-52053

CRITICAL
Command Injection (CWE-77)
2025-09-15 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:12 vuln.today
PoC Detected
Sep 20, 2025 - 02:49 vuln.today
Public exploit code
CVE Published
Sep 15, 2025 - 15:15 nvd
CRITICAL 9.8

DescriptionCVE.org

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

AnalysisAI

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Technical ContextAI

The sub_417D74 function in the router's HTTP server processes the file_name parameter without sanitization, passing it to a system command execution context. No authentication is required. TOTOLINK routers run embedded Linux and the web server typically runs as root.

RemediationAI

Check for firmware updates from TOTOLINK. Disable remote management. Place the router behind a firewall if used in business environments. Consider replacing with a more actively maintained router brand.

CVE-2023-50651 CRITICAL POC
9.8 Dec 30

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the

CVE-2024-1781 CRITICAL POC
9.8 Feb 23

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-48800 CRITICAL POC
9.8 Dec 04

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-en

CVE-2023-48799 CRITICAL POC
9.8 Dec 04

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. Rated critical severity (CVSS 9.8),

CVE-2023-48801 CRITICAL POC
9.8 Dec 01

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-en

CVE-2023-43455 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-43454 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-43453 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-48812 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through

CVE-2023-48811 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end throug

CVE-2023-48810 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end throug

CVE-2023-48808 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end throug

Share

CVE-2025-52053 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy