Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2024-52723

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.

Published: Nov 22, 2024
Updated: May 4, 2025
CVE: CVE-2024-52723
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
totolink / x6000r_firmware	9.4.0cu.1041_b20240224	9.4.0cu.1041_b20240224.x

http://x6000r.com
https://gist.github.com/M4rg4tr01d/e84f8ed8dc27960d7c56ad289f6fb0ff

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo