LR350
by Totolink
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42967 |  | Cri | 0.64 | 9.8 | 0.01 |  | Aug 15, 2024 | Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. |
| CVE-2024-36783 |  | Cri | 0.64 | 9.8 | 0.01 |  | Jun 3, 2024 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function. |
| CVE-2024-35387 |  | Cri | 0.64 | 9.8 | 0.06 |  | May 24, 2024 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2024-35099 |  | Cri | 0.64 | 9.8 | 0.01 |  | May 14, 2024 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. |
| CVE-2023-37149 |  | Cri | 0.64 | 9.8 | 0.02 |  | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. |
| CVE-2023-37148 |  | Cri | 0.64 | 9.8 | 0.02 |  | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. |
| CVE-2023-37146 |  | Cri | 0.64 | 9.8 | 0.02 |  | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |
| CVE-2023-37145 |  | Cri | 0.64 | 9.8 | 0.02 |  | Jul 7, 2023 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. |
| CVE-2022-44255 |  | Cri | 0.64 | 9.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. |
| CVE-2026-4976 |  | Hig | 0.57 | 8.8 | 0.01 |  | Mar 27, 2026 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has… |
| CVE-2024-34308 |  | Hig | 0.57 | 8.8 | 0.01 |  | May 14, 2024 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. |
| CVE-2022-44260 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. |
| CVE-2022-44259 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. |
| CVE-2022-44258 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. |
| CVE-2022-44257 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. |
| CVE-2022-44256 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. |
| CVE-2022-44254 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. |
| CVE-2022-44253 |  | Hig | 0.57 | 8.8 | 0.02 |  | Nov 23, 2022 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. |
| CVE-2026-1150 |  | Med | 0.41 | 6.3 | 0.02 |  | Jan 19, 2026 | A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be… |
| CVE-2026-1149 |  | Med | 0.41 | 6.3 | 0.03 |  | Jan 19, 2026 | A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be… |
Page 1 of 2