VYPR

LR350

by Totolink

CVEs (33)

  • CVE-2024-7214MedJul 30, 2024
    risk 0.41cvss 6.3epss 0.03

    A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be…

  • CVE-2024-10654MedNov 1, 2024
    risk 0.35cvss 5.3epss 0.02

    A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The…

  • CVE-2026-1158Jan 19, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow.…

  • CVE-2026-1157Jan 19, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is…

  • CVE-2026-1156Jan 19, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2026-1155Jan 19, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The…

  • CVE-2025-63464Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63467Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63468Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63466Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63463Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63469Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-63465Oct 31, 2025
    risk 0.00cvss epss 0.00

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Page 2 of 2