CVE-2026-1723 PUBLISHED

TOTOLINK X6000R Unauthenticated Command Injection Vulnerability

Assigner: palo_alto
Reserved: 30.01.2026 Published: 30.01.2026 Updated: 30.01.2026

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498_B20250826.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9.2

Product Status

Vendor TOTOLINK
Product X6000R
Versions Default: unaffected
  • affected from 0 to V9.4.0cu.1498_B20250826 (incl.)

Problem Types

  • CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacts

  • CAPEC-88 OS Command Injection