VYPR

LR350

by Totolink

CVEs (33)

  • CVE-2024-42967 | Critical | Aug 15, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

  • CVE-2024-36783 | Critical | Jun 3, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.

  • CVE-2024-35387 | Critical | May 24, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.06

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

  • CVE-2024-35099 | Critical | May 14, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

  • CVE-2023-37149 | Critical | Jul 7, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

  • CVE-2023-37148 | Critical | Jul 7, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.

  • CVE-2023-37146 | Critical | Jul 7, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

  • CVE-2023-37145 | Critical | Jul 7, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

  • CVE-2022-44255 | Critical | Nov 23, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

  • CVE-2026-4976 | High | Mar 27, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2024-34308 | High | May 14, 2024
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.

  • CVE-2022-44260 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

  • CVE-2022-44259 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

  • CVE-2022-44258 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

  • CVE-2022-44257 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

  • CVE-2022-44256 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.

  • CVE-2022-44254 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

  • CVE-2022-44253 | High | Nov 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.02

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

  • CVE-2026-1150 | Medium | Jan 19, 2026
    risk 0.41 | CVSS 6.3 | EPSS 0.02

    A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be…

  • CVE-2026-1149 | Medium | Jan 19, 2026
    risk 0.41 | CVSS 6.3 | EPSS 0.03

    A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be…

Page 1 of 2