CVE-2025-70328

HIGH 8.8

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the input are validated, the remainder of the string is not sanitized, allowing authenticated attackers to execute arbitrary shell commands via shell metacharacters.

Vendor	n/a
Product	n/a
Published	Feb 23, 2026
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

notion.so: https://www.notion.so/TOTOLINK-X6000R-NTPSyncWithHost-2d170566ca7f803a8096c1b31b2ed42f?source=copy_link github.com: https://github.com/neighborhood-H/0-DAY/blob/main/Toto-link/X6000R/NTPSyncWihtHost/report.md