21 matches found
TOTOLINK LR350 Command Injection Vulnerability
TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “command” in the file /cgi-bin/cstecgi.cgi, which may lead to comman...
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...
CVE-2024-34308
Affected product: TOTOLINK LR350 (v9.3.5u.6369_B20220309). A vulnerability in the urldecode function allows a stack overflow via the password parameter. Public records indicate potential for arbitrary code execution and/or denial of service . Several sources corroborate the stack overflow root ca...
CVE-2023-37146
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
CVE-2023-37145
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2023-37145
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...
CVE-2023-37148
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...
CVE-2023-37149
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...
TOTOLINK LR350 命令注入漏洞
TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the FileName parameter of the setUploadSetting method...
CVE-2022-44260
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...
CVE-2022-44257
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...
CVE-2022-44258
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...
CVE-2022-44255
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a pre-authentication buffer overflow in the main function via long post data...
Buffer overflow
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...
CVE-2022-44255
Totolink LR350 with firmware 9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function that can be triggered by long POST data. The issue is network-accessible and does not require authentication; provenance in the sources indicates potential for remote code executi...
CVE-2022-44259
CVE-2022-44259 affects TOTOLINK LR350 (firmware version 9.3.5u.6369_B20220309). A post-authentication buffer overflow exists in the setParentalRules function triggered via parameters week, sTime, and eTime, potentially enabling remote code execution. Multiple connected sources confirm the vulnera...
CVE-2022-44253
CVE-2022-44253 affects TOTOLINK LR350 (version 9.3.5u.6369_B20220309). A post-authentication buffer overflow is triggered via the ip parameter in the setDiagnosisCfg function, with potential for remote code execution as indicated by multiple sources. The NVD/NIST entry rates impact as high (CVSS ...