Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TOTOLINK X6000R 安全漏洞
Vulnerability Description
TOTOLINK X6000R是中国吉翁电子(TOTOLINK)公司的一款无线路由器。 TOTOLINK X6000R v9.4.0cu.1498_B20250826版本存在安全漏洞,该漏洞源于NTPSyncWithHost处理程序中对host_time参数清理不当,可能导致经过身份验证的攻击者通过shell元字符执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A