CVE-2025-52053

CRITICAL 9.8 (CVSS 3.1)
2025-09-15 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 19:12 (vuln.today)
PoC Detected: Sep 20, 2025 02:49 (vuln.today); public exploit code
CVE Published: Sep 15, 2025 15:15 (nvd)

Description

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

Analysis

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests.

Technical Context

The sub_417D74 function in the router's HTTP server processes the file_name parameter without sanitization, passing it to a system command execution context. No authentication is required. TOTOLINK routers run embedded Linux and the web server typically runs as root.

Affected Products

TOTOLINK X6000R V9.4.0cu.1360_B20241207

Remediation

Check for firmware updates from TOTOLINK. Disable remote management. Place the router behind a firewall if used in business environments. Consider replacing with a more actively maintained router brand.

Priority Score

135 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +66.1
CVSS: +49
POC: +20
