Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
TOTOLINK Router NTP Sync Attack Allows Unauthorized Command Execution
CVE-2025-70328
Summary
The TOTOLINK X6000R router's NTP sync feature has a security weakness that could allow an attacker to access the router's internal commands. This could happen if an authorized user enters malicious input into the router's settings. To protect your router, update to the latest firmware version available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| totolink | x6000r_firmware | 9.4.0cu.1498_b20250826 | – |
Original title
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via su...
Original description
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters.
nvd CVSS3.1
8.8
Vulnerability type
CWE-78
OS Command Injection
CWE-94
Code Injection
- https://github.com/neighborhood-H/0-DAY/blob/main/Toto-link/X6000R/NTPSyncWihtHo... Exploit Third Party Advisory
- https://www.notion.so/TOTOLINK-X6000R-NTPSyncWithHost-2d170566ca7f803a8096c1b31b... Exploit Third Party Advisory
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026