PT-2025-37705 · Totolink · Totolink X6000R

W0Rkd4Tt · Published 2025-07-30 · Updated 2025-09-20 · CVE-2025-52053

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.1360 B20241207
Description: The vulnerability resides in the sub_417D74() function of the TOTOLINK X6000R router firmware. It is caused by missing sanitization of the file name parameter in the management interface, which allows unauthenticated attackers to execute arbitrary commands via a crafted request.
Recommendations: TOTOLINK X6000R version 9.4.0cu.1360 B20241207: as a temporary workaround, consider restricting access to the sub_417D74() function until a patch is available.

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2025-11310
CVE-2025-52053

Affected Products

Totolink X6000R