CVE-2023-37149: TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

Affected

1 ranges

Vendor	Product	Version range	Fixed in
totolink	lr350_firmware	—	—