TOTOLINK's X6000R Router Hit by Severe Security Flaws
TOTOLINK has issued a warning about critical security flaws in its X6000R wireless router. The vulnerabilities allow unauthenticated attackers to remotely execute arbitrary system commands via specially crafted HTTP requests.
The flaws stem from insufficient input validation and insecure coding practices in the router's firmware. Attackers can craft HTTP POST requests containing malicious payloads to execute commands. The primary attack vector is command injection in the router's CGI scripts. Successful exploitation requires only network connectivity to the target device.
The most severe vulnerability allows attackers to bypass authentication and execute commands with root privileges. The router's web interface and administrative functions are exposed to remote code execution and unauthorized system access. TOTOLINK has confirmed that the router's firmware contains multiple command injection vulnerabilities.
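The bug class described above, as an added illustration that is not TOTOLINK's firmware code: a hypothetical CGI handler that pastes an untrusted POST parameter into a shell command line, beside a hardened version that allowlists the parameter and executes the tool without a shell. The tool path, parameter names and character allowlist are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical vulnerable pattern (not the vendor's code): the CGI handler
 * pastes an untrusted POST parameter straight into a shell command line, so
 * any shell metacharacter in the parameter becomes part of the command. */
int run_unsafe(const char *param) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/bin/tool %s", param); /* parsed by the shell */
    return system(cmd);
}

/* Allowlist check: accept only the characters the parameter legitimately
 * needs (assumed here: letters, digits, '.', '-', '_') and a sane length.
 * ';', '|', '`', '$', quotes, whitespace and an empty value are rejected. */
int is_safe_param(const char *param) {
    size_t n = strlen(param);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++) {
        char c = param[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_'))
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate first, then run the tool directly with an argv
 * array. No shell is involved, so metacharacters are never interpreted even
 * if the allowlist were later loosened. Returns -1 for rejected input. */
int run_safe(const char *tool, const char *param) {
    if (!is_safe_param(param)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {(char *)tool, (char *)param, NULL};
        execv(tool, argv);
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("%d %d\n", is_safe_param("fw_1.2"), is_safe_param("a;reboot"));
    return 0;
}
```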
TOTOLINK urges users to apply the latest firmware updates to mitigate these risks. Until then, users should limit network access to the router and avoid exposing it to public networks. Affected users should contact TOTOLINK for further guidance.