RCE in Totolink X6000r
CVE-2025-52906
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.
Affected products
- Totolink X6000r — versions 0