Command Injection Vulnerability in TOTOLINK X6000R Router
CVE-2025-52053
9.8CRITICAL
What is CVE-2025-52053?
The TOTOLINK X6000R router version V9.4.0cu.1360_B20241207 contains a command injection vulnerability due to improper handling of user input in the sub_417D74 function. An unauthenticated attacker can exploit this flaw by sending a specially crafted request with a malicious 'file_name' parameter, allowing arbitrary command execution on the device. This vulnerability poses significant risks to network security and may allow unauthorized access or control of the impacted router.
