33 matches found
TOTOLINK LR350 Command Injection Vulnerability
TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “command” in the file /cgi-bin/cstecgi.cgi, which may lead to comman...
CVE-2025-63468
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2025-63467
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
PT-2025-44650
Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309 Description: The Totolink LR350 router firmware contains a stack overflow issue. This occurs through the ssid parameter within the sub 421BAC function. A crafted request can trigger this, leading to ...
PT-2025-44642
Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309 Description: The software contains a stack overflow issue via the password parameter in the sub 426EF8 function. This can allow attackers to cause a Denial of Service (DoS) through a crafted request...
CVE-2025-63466
Totolink LR350 v9.3.5u.6369B20220309 was discovered to contain a stack overflow via the password parameter in the sub426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
PT-2025-44644
Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309 Description: The software contains a stack overflow issue via the http host parameter in the sub 426EF8 function. A crafted request can cause a Denial of Service (DoS). The vulnerable parameter is http...
CVE-2024-10654
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be...
PT-2024-6487 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version 9.3.5u.6146 B20201023 Description: A critical vulnerability has been found in the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to a stack-based buffer...
PT-2024-5478 · Totolink · Totolink N350Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version 9.3.5u.6139 B20201216 Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, causing a buffer overflow when the week, sTime, and eTime parameters are manipulated. This can...
CVE-2024-35387
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...
PT-2024-26318 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6698 B20230810 Description: A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access. Recommendations: For...
PT-2024-1319 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: The issue is related to a buffer overflow in the loginAuth function of the cstecgi.cgi script in the Totolink N200RE router's firmware. This can be exploited by a remote attacker to...
PT-2024-1394 · Totolink · Totolink N350Rt
Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6255 Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N350RT router's firmware, which is associated with incorrect session expiration. This can be exploited by a remote attacker...
PT-2024-1072 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical issue affects the setTracerouteCfg function of the /cgi-bin/cstecgi.cgi file, allowing remote attackers to exploit the vulnerability. The manipulation of the command argume...
Totolink N350RT Security Vulnerability
TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the Totolink N350RT version 9.3.5u.6139B20201216; it originates from the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 and can lead to a stack-based buffer overflow...
CVE-2023-51034
TOTOLINK EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...