TOTOLINK X6000R: Three New Vulnerabilities Uncovered unit42.paloaltonetworks.com/totolink-…

We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025.

TOTOLINK is a manufacturer of networking products, including routers and other Internet of Things (IoT) devices used by consumers worldwide. The widespread adoption of these products makes their security a critical area of focus.

We worked with TOTOLINK to address this issue, and they have released an updated firmware version to resolve it. Users are advised to install the latest firmware to secure their devices.

This article provides a detailed technical analysis of these vulnerabilities. We will analyze the root cause and demonstrate the impacts.