Lucene search
K

21 matches found

CNNVD
CNNVD
added 2026/01/19 12:0 a.m.7 views

TOTOLINK LR350 Command Injection Vulnerability

TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “command” in the file /cgi-bin/cstecgi.cgi, which may lead to comman...

8.8CVSS6.6AI score0.0235EPSS
Exploits1References5
OSV
OSV
added 2024/05/24 6:15 p.m.3 views

CVE-2024-35387

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

9.8CVSS5.8AI score0.06071EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 8:14 p.m.37 views

CVE-2024-34308

Affected product: TOTOLINK LR350 (v9.3.5u.6369_B20220309). A vulnerability in the urldecode function allows a stack overflow via the password parameter. Public records indicate potential for arbitrary code execution and/or denial of service . Several sources corroborate the stack overflow root ca...

8.8CVSS8AI score0.0056EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/07/07 2:15 p.m.22 views

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

9.8CVSS9.8AI score0.01958EPSS
Exploits1References1
NVD
NVD
added 2023/07/07 2:15 p.m.29 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

9.8CVSS9.8AI score0.01958EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.31 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

10AI score0.01958EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.32 views

CVE-2023-37145

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...

10AI score0.01958EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.27 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

10AI score0.01958EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/07 12:0 a.m.14 views

CVE-2023-37145

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...

8.2AI score0.01958EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/07 12:0 a.m.16 views

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function...

8AI score0.01958EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/07 12:0 a.m.9 views

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function...

8AI score0.01958EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/07/07 12:0 a.m.5 views

TOTOLINK LR350 命令注入漏洞

TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the FileName parameter of the setUploadSetting method...

9.8CVSS8.5AI score0.01958EPSS
Exploits1References2
NVD
NVD
added 2022/11/23 4:15 p.m.29 views

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function...

8.8CVSS0.0211EPSS
Exploits1References1
NVD
NVD
added 2022/11/23 4:15 p.m.24 views

CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function...

8.8CVSS0.0211EPSS
Exploits1References1
NVD
NVD
added 2022/11/23 4:15 p.m.24 views

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...

8.8CVSS0.02334EPSS
Exploits1References1
NVD
NVD
added 2022/11/23 4:15 p.m.25 views

CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a pre-authentication buffer overflow in the main function via long post data...

9.8CVSS0.02171EPSS
Exploits1References1
Prion
Prion
added 2022/11/23 4:15 p.m.25 views

Buffer overflow

TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function...

6.5CVSS8.9AI score0.02334EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/23 12:0 a.m.60 views

CVE-2022-44255

Totolink LR350 with firmware 9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function that can be triggered by long POST data. The issue is network-accessible and does not require authentication; provenance in the sources indicates potential for remote code executi...

9.8CVSS9.6AI score0.02171EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/23 12:0 a.m.60 views

CVE-2022-44259

CVE-2022-44259 affects TOTOLINK LR350 (firmware version 9.3.5u.6369_B20220309). A post-authentication buffer overflow exists in the setParentalRules function triggered via parameters week, sTime, and eTime, potentially enabling remote code execution. Multiple connected sources confirm the vulnera...

8.8CVSS8.8AI score0.0211EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/23 12:0 a.m.52 views

CVE-2022-44253

CVE-2022-44253 affects TOTOLINK LR350 (version 9.3.5u.6369_B20220309). A post-authentication buffer overflow is triggered via the ip parameter in the setDiagnosisCfg function, with potential for remote code execution as indicated by multiple sources. The NVD/NIST entry rates impact as high (CVSS ...

8.8CVSS8.8AI score0.0211EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder