Totolink Lr350 Firmware vulnerabilities
36 known vulnerabilities affecting totolink/lr350_firmware.
Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 19, MEDIUM 4
Vulnerabilities
Page 2 of 2
CVE-2024-34308 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6369_b20220309 | 2024-05-14
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
nvd
CVE-2023-37149 | CRITICAL | CVSS 9.8 | CWE-77 | v9.3.5u.6369_b20220309 | 2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.
nvd
CVE-2023-37146 | CRITICAL | CVSS 9.8 | CWE-77 | v9.3.5u.6369_b20220309 | 2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
nvd
CVE-2023-37148 | CRITICAL | CVSS 9.8 | CWE-77 | v9.3.5u.6369_b20220309 | 2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.
nvd
CVE-2023-37145 | CRITICAL | CVSS 9.8 | CWE-77 | v9.3.5u.6369_b20220309 | 2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
nvd
CVE-2022-44250 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
nvd
CVE-2022-44251 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
nvd
CVE-2022-44255 | CRITICAL | CVSS 9.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
nvd
CVE-2022-44249 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
nvd
CVE-2022-44252 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
nvd
CVE-2022-44259 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.
nvd
CVE-2022-44253 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.
nvd
CVE-2022-44260 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.
nvd
CVE-2022-44254 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.
nvd
CVE-2022-44257 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.
nvd
CVE-2022-44258 | HIGH | CVSS 8.8 | CWE-787 | v9.3.5u.6369_b20220309 | 2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.
nvd