Note: This project will be discontinued after December 13, 2021.
Product: Lr350_firmware (Totolink)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 20 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-05-14 | CVE-2024-35099 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | Lr350_firmware | N/A | ||
2024-08-15 | CVE-2024-42967 | Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | Lr350_firmware | 9.8 | ||
2024-11-01 | CVE-2024-10654 | A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. | Lr350_firmware | 9.1 | ||
2022-11-23 | CVE-2022-44250 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | Lr350_firmware | 9.8 | ||
2022-11-23 | CVE-2022-44249 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | Lr350_firmware | 9.8 | ||
2022-11-23 | CVE-2022-44251 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | Lr350_firmware | 9.8 | ||
2022-11-23 | CVE-2022-44252 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | Lr350_firmware | 9.8 | ||
2022-11-23 | CVE-2022-44253 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | Lr350_firmware | 8.8 | ||
2022-11-23 | CVE-2022-44254 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | Lr350_firmware | 8.8 |