Lucene search

N350Rt Firmware Security Vulnerabilities

cve

CVE-2022-36479

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36480

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.

7.8CVSS

7.8AI Score

0.0005EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36481

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36482

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36483

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.

7.8CVSS

7.8AI Score

0.0005EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36484

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.

7.8CVSS

7.8AI Score

0.0005EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36485

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36486

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36487

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.

7.8CVSS

7.8AI Score

0.002EPSS

2022-08-25 02:15 PM

cve

CVE-2022-36488

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

7.8CVSS

7.8AI Score

0.0005EPSS

2022-08-25 02:15 PM

cve

CVE-2023-7187

A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The...

8.8CVSS

8.7AI Score

0.0005EPSS

2023-12-31 02:15 PM

cve

CVE-2023-7213

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based b...

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-07 07:15 PM

cve

CVE-2023-7214

A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based ...

8.8CVSS

8.8AI Score

0.001EPSS

2024-01-07 08:15 PM

cve

CVE-2023-7218

A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

7.2CVSS

7.2AI Score

0.002EPSS

2024-01-08 09:15 PM

cve

CVE-2023-7219

A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched re...

9.8CVSS

9.5AI Score

0.002EPSS

2024-01-09 06:15 AM

cve

CVE-2024-0570

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to ...

9.1CVSS

9.2AI Score

0.005EPSS

2024-01-16 02:15 PM

cve

CVE-2024-0943

A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack ...

5.3CVSS

5.5AI Score

0.001EPSS

2024-01-26 08:15 PM

cve

CVE-2024-42966

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

9.8CVSS

6.8AI Score

0.009EPSS

2024-08-15 05:15 PM

cve

CVE-2024-7333

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated re...

8.8CVSS

8.8AI Score

0.002EPSS

2024-08-01 02:15 AM

cve

CVE-2024-7462

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has be...

9.8CVSS

8.9AI Score

0.003EPSS

2024-08-05 12:15 AM