Name of the Vulnerable Software and Affected Versions:

Totolink X6000R version V9.4.0cu.1360 B20241207

Description:

The device contains a command injection issue in the `sub 4184C0` function. An unauthenticated attacker can execute arbitrary commands by sending a crafted request through the `tz` parameter.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.