Skip to main content

X6000r Firmware CVE-2025-70328

HIGH
OS Command Injection (CWE-78)
2026-02-23 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 26, 2026 - 03:06 vuln.today
Public exploit code
CVE Published
Feb 23, 2026 - 21:19 nvd
HIGH 8.8

DescriptionCVE.org

TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters.

AnalysisAI

X6000R Firmware versions up to 9.4.0cu.1498_b20250826 is affected by os command injection (CVSS 8.8).

Technical ContextAI

This vulnerability (CWE-78: OS Command Injection) exists in the NTPSyncWithHost component. TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-52053 CRITICAL POC
9.8 Sep 15

TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74

CVE-2023-50651 CRITICAL POC
9.8 Dec 30

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the

CVE-2024-1781 CRITICAL POC
9.8 Feb 23

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. Rated critical severity (CVSS 9.8), this vulne

CVE-2023-48800 CRITICAL POC
9.8 Dec 04

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-en

CVE-2023-48799 CRITICAL POC
9.8 Dec 04

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. Rated critical severity (CVSS 9.8),

CVE-2023-48801 CRITICAL POC
9.8 Dec 01

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-en

CVE-2023-43455 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-43454 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-43453 CRITICAL POC
9.8 Dec 01

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitr

CVE-2023-48812 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through

CVE-2023-48811 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end throug

CVE-2023-48810 CRITICAL POC
9.8 Nov 30

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end throug

Share

CVE-2025-70328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy