Totolink Lr350 vulnerabilities

9 known vulnerabilities affecting totolink/lr350.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-4976HIGHCVSS 7.4v9.3.5u.6369_B202203092026-03-27
CVE-2026-4976 [HIGH] CWE-119 CVE-2026-4976: A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the fu A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
cvelistv5nvd
CVE-2026-1157HIGHCVSS 7.4v9.3.5u.6369_B202203092026-01-19
CVE-2026-1157 [HIGH] CWE-119 CVE-2026-1157: A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function se A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
cvelistv5nvd
CVE-2026-1156HIGHCVSS 7.4v9.3.5u.6369_B202203092026-01-19
CVE-2026-1156 [HIGH] CWE-119 CVE-2026-1156: A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is th A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
cvelistv5nvd
CVE-2026-1158HIGHCVSS 7.4v9.3.5u.6369_B202203092026-01-19
CVE-2026-1158 [HIGH] CWE-119 CVE-2026-1158: A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affe A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the pub
cvelistv5nvd
CVE-2026-1155HIGHCVSS 7.4v9.3.5u.6369_B202203092026-01-19
CVE-2026-1155 [HIGH] CWE-119 CVE-2026-1155: A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
cvelistv5nvd
CVE-2026-1149MEDIUMCVSS 5.3v9.3.5u.6369_B202203092026-01-19
CVE-2026-1149 [MEDIUM] CWE-74 CVE-2026-1149: A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the funct A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
cvelistv5nvd
CVE-2026-1150MEDIUMCVSS 5.3v9.3.5u.6369_B202203092026-01-19
CVE-2026-1150 [MEDIUM] CWE-74 CVE-2026-1150: A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the functio A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be
cvelistv5nvd
CVE-2024-10654MEDIUMCVSS 6.9v9.3.5u.63692024-11-01
CVE-2024-10654 [MEDIUM] CWE-266 CVE-2024-10654: A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affec A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the
cvelistv5nvd
CVE-2024-7214MEDIUMCVSS 5.3v9.3.5u.6369_B202203092024-07-30
CVE-2024-7214 [MEDIUM] CWE-77 CVE-2024-7214: A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. A A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be u
cvelistv5nvd