RCE in Totolink X6000r

CVE-2026-1723

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (65.0th percentile) — read the EPSS interpretation.

Affected products

Totolink X6000r — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References