TOTOLINK X6000R: Three New Vulnerabilities Uncovered


Palo Alto security researchers have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025:

TOTOLINK is a manufacturer of networking products, including routers and other Internet of Things (IoT) devices used by consumers worldwide. The widespread adoption of these products makes their security a critical area of focus. Palo Alto worked with TOTOLINK to address this issue, and they have released an updated firmware version to resolve it. Users are advised to install the latest firmware to secure their devices.

Read more…
Source: Palo Alto Unit 42


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New Silence hacking group suspected of having ties to cyber-security industry

    September 5, 2018

    At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the ...

  • Cybersecurity researchers double SCADA vulnerability finds

    September 3, 2018

    Independent cybersecurity researchers found nearly double the number of vulnerabilities in supervisory control and data acquisition (SCADA) systems in the first six months of 2018 as they did in the first half of 2017, according to a new report by Japanese multinational Trend Micro, amid rising concerns about infrastructure security. The 202 holes spotted in such ...

  • Attackers Abuse WMIC to Download Malicious Files

    August 30, 2018

    Malware authors use WMIC and a host of other legitimate tools to deliver information-stealing malware, highlighting the continued use of living off the land tactics. We recently observed malware authors using a combination of a tool found on all Windows computers and a usually innocuous file type associated with modifying and rendering XML documents. While these ...

  • How hackers managed to steal $13.5 million in Cosmos bank heist

    August 27, 2018

    Earlier this month, reports surfaced which suggested that Cosmos Bank, India’s oldest at 112 years old, had become the victim of a cyberattack which left the institution millions out of pocket. The attack reportedly took place in two stages been August 10 – 13. According to the Hindustan Times, malware was used on the bank’s ATM server ...

  • macOS users targeted by new Lazarus attack

    August 23, 2018

    If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...

  • AdvisorsBot Downloader Emerges in Raft of Malware Campaigns

    August 23, 2018

    A tricky downloader has hit the scene in a series of campaigns targeting restaurants, hotels and telecommunications companies. A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot (due to early command-and-control domains, ...