Tharsis1024

**Name of the Vulnerable Software and Affected Versions** TOTOLINK X6000R versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719 **Description** The issue allows a remote attacker to execute arbitrary code via the `hostName` parameter of the switchOpMode component. **Recommendations** For versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719, consider restricting access to the switchOpMode component to minimize the risk of exploitation. As a temporary workaround, avoid using the `hostName` parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.