Lucene search

Lr350 Firmware Security Vulnerabilities

cve

CVE-2022-44249

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

9.8CVSS

9.6AI Score

0.449EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44250

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.

9.8CVSS

9.6AI Score

0.449EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.

9.8CVSS

9.6AI Score

0.449EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44252

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

9.8CVSS

9.6AI Score

0.449EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44253

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44254

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

9.8CVSS

9.6AI Score

0.002EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44257

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

8.8CVSS

8.9AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44259

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-23 04:15 PM

cve

CVE-2023-37145

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

9.8CVSS

9.7AI Score

0.556EPSS

2023-07-07 02:15 PM

cve

CVE-2023-37146

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

9.8CVSS

9.7AI Score

0.556EPSS

2023-07-07 02:15 PM

cve

CVE-2023-37148

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.

9.8CVSS

9.7AI Score

0.556EPSS

2023-07-07 02:15 PM

109

cve

CVE-2023-37149

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

9.8CVSS

9.7AI Score

0.556EPSS

2023-07-07 02:15 PM

cve

CVE-2024-42967

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

9.8CVSS

6.8AI Score

0.009EPSS

2024-08-15 05:15 PM

cve

CVE-2024-7214

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. Th...

8.8CVSS

6.9AI Score

0.001EPSS

2024-07-30 03:15 AM