← voltar
CVE-2026-4611

TOTOLINK X6000R shttpd setLanCfg privilege escalation

CVSS 8.6 HIGHEPSS 3.0%CWE-77CWE-78
A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
Produtos afetados
TOTOLINK · X6000R

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://vuldb.com/?ctiid.352475https://vuldb.com/?id.352475https://vuldb.com/?submit.775642https://www.totolink.net/