Skip to main content

X6000R

1 CVEs product

Monthly

CVE-2026-4611 HIGH This Week

This vulnerability is an OS command injection flaw in the setLanCfg function of TOTOLINK X6000R routers running firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826. An authenticated attacker with high privileges can execute arbitrary operating system commands by manipulating the Hostname parameter in /usr/sbin/shttpd, potentially leading to complete device compromise. The vulnerability was disclosed via VulDB submission with proof-of-concept information available through reference ID 352475, though no active exploitation (KEV listing) has been reported.

Command Injection X6000R
NVD VulDB
CVSS 4.0
8.6
EPSS
0.7%
EPSS 1% CVSS 8.6
HIGH This Week

This vulnerability is an OS command injection flaw in the setLanCfg function of TOTOLINK X6000R routers running firmware versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826. An authenticated attacker with high privileges can execute arbitrary operating system commands by manipulating the Hostname parameter in /usr/sbin/shttpd, potentially leading to complete device compromise. The vulnerability was disclosed via VulDB submission with proof-of-concept information available through reference ID 352475, though no active exploitation (KEV listing) has been reported.

Command Injection X6000R
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy