{"id":159924,"date":"2025-10-01T08:42:03","date_gmt":"2025-10-01T15:42:03","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=159924"},"modified":"2025-10-03T09:09:11","modified_gmt":"2025-10-03T16:09:11","slug":"totolink-x6000r-vulnerabilities","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/","title":{"rendered":"TOTOLINK\u00a0X6000R: Three New Vulnerabilities Uncovered"},"content":{"rendered":"<h2><a id=\"post-159924-_heading=h.t9hy76agknrb\"><\/a>Executive Summary<\/h2>\n<p>We uncovered three vulnerabilities in the firmware of the TOTOLINK\u00a0X6000R router, version V9.4.0cu.1360_B20241207, released on March\u00a028,\u00a02025:<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 19.0212%; text-align: center;\"><strong>CVE<\/strong><\/td>\n<td style=\"width: 14.312%; text-align: center;\"><strong>Rating<\/strong><\/td>\n<td style=\"width: 13.8504%; text-align: center;\"><strong>Score<\/strong><\/td>\n<td style=\"width: 51.7082%; text-align: center;\"><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 19.0212%; text-align: center;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-52905\" target=\"_blank\" rel=\"noopener\">CVE-2025-52905<\/a><\/td>\n<td style=\"width: 14.312%; text-align: center;\">High<\/td>\n<td style=\"width: 13.8504%; text-align: center;\">CVSS-B\u00a07.0<\/td>\n<td style=\"width: 51.7082%;\">An argument injection flaw that attackers can exploit to cause a denial of service (DoS), crashing the router or overloading remote servers.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 19.0212%; text-align: center;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-52906\" target=\"_blank\" rel=\"noopener\">CVE-2025-52906<\/a><\/td>\n<td style=\"width: 14.312%; text-align: 
center;\">Critical<\/td>\n<td style=\"width: 13.8504%; text-align: center;\">CVSS-B\u00a09.3<\/td>\n<td style=\"width: 51.7082%;\">An unauthenticated command injection vulnerability that allows attackers to remotely execute arbitrary commands on the device.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 19.0212%; text-align: center;\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-52907\" target=\"_blank\" rel=\"noopener\">CVE-2025-52907<\/a><\/td>\n<td style=\"width: 14.312%; text-align: center;\">High<\/td>\n<td style=\"width: 13.8504%; text-align: center;\">CVSS-B\u00a07.3<\/td>\n<td style=\"width: 51.7082%;\">A security bypass that can be exploited to corrupt system files, cause a persistent denial of service, or perform arbitrary file writes. Chained together, these attacks can lead to remote code execution (RCE).<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>TOTOLINK is a manufacturer of networking products, including routers and other Internet of Things (IoT) devices used by consumers worldwide. The widespread adoption of this equipment makes its security particularly critical.<\/p>\n<p>We worked with TOTOLINK to resolve these issues, and new firmware has been released to fix them. Users are encouraged to install <a href=\"https:\/\/www.totolink.net\/home\/menu\/detail\/menu_listtpl\/download\/id\/247\/ids\/36.html\" target=\"_blank\" rel=\"noopener\">the latest version<\/a> to secure their devices.<\/p>\n<p>This article provides a detailed technical analysis of these vulnerabilities. 
We examine their root causes and illustrate their impact.<\/p>\n<p>Palo\u00a0Alto\u00a0Networks customers are better protected against the threats discussed in this article through the following products and services:<\/p>\n<ul>\n<li>The <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall<\/a>, with the Threat Prevention or <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced\u00a0Threat Prevention<\/a> security subscription, can block these attacks.<\/li>\n<li>Palo\u00a0Alto Networks <a href=\"https:\/\/docs.paloaltonetworks.com\/iot\" target=\"_blank\" rel=\"noopener\">Device\u00a0Security<\/a> provides immediate visibility, risk assessment and risk mitigation across the entire device fleet.<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\" target=\"_blank\" rel=\"noopener\">Cortex\u00a0Xpanse<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xsiam\" target=\"_blank\" rel=\"noopener\">the ASM add-on for XSIAM<\/a> can detect TOTOLINK routers that are exposed on the internet and may be inadvertently accessible.<\/li>\n<\/ul>\n<p>If you think your organization may have been compromised or you are facing an urgent matter, contact the <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit\u00a042 Incident Response team<\/a>.<\/p>\n<table style=\"width: 100.573%;\">\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>Related Unit\u00a042 Topics<\/b><\/td>\n<td style=\"width: 196.739%;\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/fr\/tag\/iot-vulnerability-fr\/\" target=\"_blank\" 
rel=\"noopener\"><b>IoT Vulnerability<\/b><\/a><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<h2><a id=\"post-159924-_heading=h.h6cp7einkerv\"><\/a>Vulnerability Analysis<\/h2>\n<p>The web interface of the TOTOLINK\u00a0X6000R router relies heavily on the <span style=\"font-family: 'courier new', courier, monospace;\">\/cgi-bin\/cstecgi.cgi<\/span> route for its core functionality. This endpoint acts as a processing hub: it receives user requests and decides which action to perform. When the web interface sends a request to <span style=\"font-family: 'courier new', courier, monospace;\">cstecgi.cgi<\/span>, the request contains a <span style=\"font-family: 'courier new', courier, monospace;\">topicurl<\/span> parameter. The router's built-in HTTP server uses the value of <span style=\"font-family: 'courier new', courier, monospace;\">topicurl<\/span> to determine which internal function to call, acting as a routing mechanism for configuring and operating the router.<\/p>\n<p>We identified several vulnerabilities in the functions handled by this <span style=\"font-family: 'courier new', courier, monospace;\">\/cgi-bin\/cstecgi.cgi<\/span> route, which can allow unauthenticated attackers to exploit the router's web interface. 
We now provide an in-depth technical analysis of each of these vulnerabilities, starting with the argument injection flaw.<\/p>\n<h3><a id=\"post-159924-_heading=h.kmxurfrym6n7\"><\/a>CVE-2025-52905: Argument Injection<\/h3>\n<p>Firmware version\u00a0V9.4.0cu.1360_B20241207 includes an input validation function intended to prevent command injection, shown in Figure\u00a01.<\/p>\n<figure id=\"attachment_159926\" aria-describedby=\"caption-attachment-159926\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-159926 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/10\/word-image-355711-159924-1.png\" alt=\"Screenshot of computer code in an IDE, showing string search functions with defined parameters.\" width=\"700\" height=\"382\" \/><figcaption id=\"caption-attachment-159926\" class=\"wp-caption-text\">Figure 1. User input validation function.<\/figcaption><\/figure>\n<p>This function's blocklist does not exclude the hyphen character (-), which creates a high-severity argument injection vulnerability affecting several components.<\/p>\n<h3><a id=\"post-159924-_heading=h.ubn9o4q35os2\"><\/a>CVE-2025-52906: Unauthenticated Command Injection<\/h3>\n<p>The <span style=\"font-family: 'courier new', courier, monospace;\">setEasyMeshAgentCfg<\/span> function, which configures the EasyMesh agent settings, is vulnerable to unauthenticated command injection. 
This vulnerability stems from a failure to validate and sanitize the user-supplied value of the <span style=\"font-family: 'courier new', courier, monospace;\">agentName<\/span> parameter. An attacker can therefore inject arbitrary commands that the router will execute with the privileges of the web server process.<\/p>\n<p>This vulnerability requires no authentication: any attacker who can reach the router's web interface can exploit it.<\/p>\n<p>This is an input validation failure. Gaining root access would allow an attacker to:<\/p>\n<ul>\n<li>intercept traffic;<\/li>\n<li>pivot to other devices on the network;<\/li>\n<li>install persistent malware.<\/li>\n<\/ul>\n<h3><a id=\"post-159924-_heading=h.fgo12gqlfx8e\"><\/a>CVE-2025-52907: Security Bypass<\/h3>\n<p>As noted in the previous section, the firmware's sanitization function is used in several components but relies on an incomplete character blocklist. 
This allows an unauthenticated attacker to bypass the check and perform arbitrary file manipulation.<\/p>\n<p>The same vulnerability extends to other components, including the <span style=\"font-family: 'courier new', courier, monospace;\">setWizardCfg<\/span> function (Figure\u00a02).<\/p>\n<figure id=\"attachment_159937\" aria-describedby=\"caption-attachment-159937\" style=\"width: 970px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-159937 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/10\/word-image-358446-159924-2.png\" alt=\"Screenshot of computer code with function calls and comments relating to user input, DHCP configuration and an integrity check. Red boxes highlight these three functions.\" width=\"970\" height=\"536\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/10\/word-image-358446-159924-2.png 970w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/10\/word-image-358446-159924-2-786x434.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/10\/word-image-358446-159924-2-768x424.png 768w\" sizes=\"(max-width: 970px) 100vw, 970px\" \/><figcaption id=\"caption-attachment-159937\" class=\"wp-caption-text\">Figure 2. Analysis of the vulnerable handling in the <span style=\"font-family: 'courier new', courier, monospace;\">setWizardCfg<\/span> function.<\/figcaption><\/figure>\n<p>The vulnerability allows arbitrary file writes by bypassing the same user input validation check, which lets an unauthenticated attacker escalate the attack. 
This can include creating or modifying critical system files (for example, <span style=\"font-family: 'courier new', courier, monospace;\">\/etc\/passwd<\/span> to add new users) or altering boot scripts to achieve persistent remote code execution (RCE).<\/p>\n<h2><a id=\"post-159924-_heading=h.ptwf4qeq527n\"><\/a>Conclusion and Recommendations<\/h2>\n<p>Home routers are the digital gateway to the internet for millions of users. They play a key role in protecting personal data, connected home devices and corporate assets accessed while working remotely.<\/p>\n<p>Unauthenticated attackers could exploit these vulnerabilities to disrupt network services, gain unauthorized access to devices and potentially execute arbitrary code. Updating the firmware promptly is therefore essential to reduce these risks. 
These vulnerabilities are a reminder of the importance of robust security practices in IoT devices and of the responsibility shared by vendors, security researchers and users for maintaining a safe digital ecosystem.<\/p>\n<p>To guard against these threats, users must immediately update their TOTOLINK\u00a0X6000R router to the <a href=\"https:\/\/www.totolink.net\/home\/menu\/detail\/menu_listtpl\/download\/id\/247\/ids\/36.html\" target=\"_blank\" rel=\"noopener\">latest available firmware version<\/a> (V9.4.0cu.1498_B20250826).<\/p>\n<p>Palo\u00a0Alto Networks customers receive proactive protection against these vulnerabilities through the following products and services:<\/p>\n<ul>\n<li>The <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall<\/a>, with the Threat Prevention or <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced\u00a0Threat Prevention<\/a> security subscription, can block these attacks by applying best practices through the following signatures: <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=95097\" target=\"_blank\" rel=\"noopener\">95097<\/a> and <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=96495\" target=\"_blank\" rel=\"noopener\">96495<\/a>.<\/li>\n<li>The Palo\u00a0Alto Networks <a href=\"https:\/\/docs.paloaltonetworks.com\/iot\" target=\"_blank\" rel=\"noopener\">Device\u00a0Security<\/a> platform can use information from network traffic to identify a device's vendor, model and firmware version, detect equipment affected by 
known vulnerabilities and apply adaptive security policies based on the level of risk.<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\" target=\"_blank\" rel=\"noopener\">Cortex\u00a0Xpanse<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xsiam\" target=\"_blank\" rel=\"noopener\">the ASM add-on for XSIAM<\/a> can detect TOTOLINK routers that are exposed on the internet and may be inadvertently accessible.<\/li>\n<\/ul>\n<h2><a id=\"post-159924-_heading=h.szzenhhwo56l\"><\/a>Disclosure Timeline<\/h2>\n<ul>\n<li>June\u00a013,\u00a02025: Palo\u00a0Alto Networks reported the vulnerabilities to TOTOLINK.<\/li>\n<li>June\u00a019,\u00a02025: TOTOLINK provided a fixed firmware version (V9.4.0cu.1454_B20250619) and sent it to Palo\u00a0Alto Networks for validation.<\/li>\n<li>June\u00a020,\u00a02025: Palo Alto Networks started the CVE ID assignment process for these vulnerabilities.<\/li>\n<li>June\u00a025,\u00a02025: TOTOLINK released the firmware in a public update.<\/li>\n<li>September\u00a023,\u00a02025: The CVEs were published on the Palo\u00a0Alto Networks GitHub.<\/li>\n<\/ul>\n<h2><a id=\"post-159924-_heading=h.o72w6fayw0p2\"><\/a>Additional Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.totolink.net\/home\/menu\/detail\/menu_listtpl\/download\/id\/247\/ids\/36.html\" target=\"_blank\" rel=\"noopener\">Latest X6000R firmware version<\/a> \u2013\u00a0TOTOLINK<\/li>\n<li><a href=\"https:\/\/unit42.paloaltonetworks.com\/qnap-qts-firmware-cve-2023-50358\/\" target=\"_blank\" rel=\"noopener\">New Vulnerability in QNAP\u00a0QTS Firmware: CVE-2023-50358<\/a> \u2013 Unit\u00a042, Palo\u00a0Alto Networks<\/li>\n<li><a 
href=\"https:\/\/github.com\/PaloAltoNetworks\/u42-vulnerability-disclosures\/blob\/main\/2025\/PANW-2025-0001\/PANW-2025-0001.md\" target=\"_blank\" rel=\"noopener\">PANW-2025-0001<\/a> \u2013 GitHub Palo Alto Networks Vulnerability Disclosures<\/li>\n<li><a href=\"https:\/\/github.com\/PaloAltoNetworks\/u42-vulnerability-disclosures\/blob\/main\/2025\/PANW-2025-0002\/PANW-2025-0002.md\" target=\"_blank\" rel=\"noopener\">PANW-2025-0002<\/a> \u2013 GitHub Palo Alto Networks Vulnerability Disclosures<\/li>\n<li><a href=\"https:\/\/github.com\/PaloAltoNetworks\/u42-vulnerability-disclosures\/blob\/main\/2025\/PANW-2025-0003\/PANW-2025-0003.md\" target=\"_blank\" rel=\"noopener\">PANW-2025-0003<\/a> \u2013 GitHub Palo Alto Networks Vulnerability Disclosures<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We analyze their root causes and their 
impacts.<\/p>\n","protected":false},"author":278,"featured_media":159832,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8832,8850],"tags":[9661,9660,9659,9658,9476],"product_categories":[8965,8955,9041,9077,9064,9083,9151],"coauthors":[836],"class_list":["post-159924","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-research-fr","category-vulnerabilities-fr","tag-cve-2025-52905-fr","tag-cve-2025-52906-fr","tag-cve-2025-52907-fr","tag-iot-vulnerability-fr","tag-remote-code-execution-fr","product_categories-advanced-threat-prevention-fr","product_categories-cloud-delivered-security-services-fr","product_categories-cortex-fr","product_categories-cortex-xpanse-fr","product_categories-cortex-xsiam-fr","product_categories-next-generation-firewall-fr","product_categories-unit-42-incident-response-fr"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s<\/title>\n<meta name=\"description\" content=\"Des chercheurs ont identifi\u00e9 des vuln\u00e9rabilit\u00e9s dans les routeurs TOTOLINK X6000R : CVE-2025-52905, CVE-2025-52906 et CVE-2025-52907. 
Nous en analysons leurs causes profondes et leurs impacts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s\" \/>\n<meta property=\"og:description\" content=\"Des chercheurs ont identifi\u00e9 des vuln\u00e9rabilit\u00e9s dans les routeurs TOTOLINK X6000R : CVE-2025-52905, CVE-2025-52906 et CVE-2025-52907. Nous en analysons leurs causes profondes et leurs impacts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-01T15:42:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-03T16:09:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Zhibin Zhang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s","description":"Des chercheurs ont identifi\u00e9 des vuln\u00e9rabilit\u00e9s dans les routeurs TOTOLINK X6000R : CVE-2025-52905, CVE-2025-52906 et CVE-2025-52907. 
Nous en analysons leurs causes profondes et leurs impacts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/","og_locale":"fr_FR","og_type":"article","og_title":"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s","og_description":"Des chercheurs ont identifi\u00e9 des vuln\u00e9rabilit\u00e9s dans les routeurs TOTOLINK X6000R : CVE-2025-52905, CVE-2025-52906 et CVE-2025-52907. Nous en analysons leurs causes profondes et leurs impacts.","og_url":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/","og_site_name":"Unit 42","article_published_time":"2025-10-01T15:42:03+00:00","article_modified_time":"2025-10-03T16:09:11+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg","type":"image\/jpeg"}],"author":"Zhibin Zhang","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/"},"author":{"name":"Zhibin Zhang","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef2736b38e39c269e59b3d79094883da"},"headline":"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles 
vuln\u00e9rabilit\u00e9s","datePublished":"2025-10-01T15:42:03+00:00","dateModified":"2025-10-03T16:09:11+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/"},"wordCount":1367,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg","keywords":["CVE-2025-52905","CVE-2025-52906","CVE-2025-52907","IoT Vulnerability","Remote Code Execution"],"articleSection":["Recherche sur les menaces","Vuln\u00e9rabilit\u00e9s"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/","url":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/","name":"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg","datePublished":"2025-10-01T15:42:03+00:00","dateModified":"2025-10-03T16:09:11+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef2736b38e39c269e59b3d79094883da"},"description":"Des chercheurs ont identifi\u00e9 des vuln\u00e9rabilit\u00e9s dans les routeurs TOTOLINK X6000R : CVE-2025-52905, CVE-2025-52906 et CVE-2025-52907. 
Nous en analysons leurs causes profondes et leurs impacts.","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/09\/02_Vulnerabilities_1920x900.jpg","width":1920,"height":900,"caption":"Pictorial representation of vulnerabilities in TOTOLINK X6000R. Close-up of a digital display with illuminated red and blue lights indicating a \"SYSTEM HACKED\" alert."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/fr\/totolink-x6000r-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/"},{"@type":"ListItem","position":2,"name":"TOTOLINK\u00a0X6000R\u00a0: d\u00e9couverte de trois nouvelles vuln\u00e9rabilit\u00e9s"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/ef2736b38e39c269e59b3d79094883da","name":"Zhibin 
Zhang","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Zhibin Zhang"},"url":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/author\/zhibin-zhang\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/posts\/159924","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/users\/278"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/comments?post=159924"}],"version-history":[{"count":1,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/posts\/159924\/revisions"}],"predecessor-version":[{"id":159948,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/posts\/159924\/revisions\/159948"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/media\/159832"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/media?parent=159924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/categories?post=159924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/tags?post=159924"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/f
r\/wp-json\/wp\/v2\/product_categories?post=159924"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/fr\/wp-json\/wp\/v2\/coauthors?post=159924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}