CVE-2024-36783Command Injection in Lr350 Firmware

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 52.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink Lr350 Firmware
Timeline
PublishedJun 3

Description

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtotolink/lr350_firmware9.3.5u.6369_b20220309

🔴Vulnerability Details

2
GHSA
GHSA-fvxx-vh2c-22pw: TOTOLINK LR350 V92024-06-03
CVEList
CVE-2024-36783: TOTOLINK LR350 V92024-06-03
CVE-2024-36783 — Command Injection in Lr350 Firmware | cvebase