CVE-2025-52907

Description

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

High

Attack Requirements

Present

Privileges Required

None

User Interaction

Active

Confidentiality (Vulnerable System)

Low

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

Unchanged

Affected products

totolink / X6000R0 – V9.4.0cu.1360_B20241207

References

MISChttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html
MISChttps://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2025-0003/PANW-2025-0003.md