Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37149 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | |||||
| CVE-2023-37146 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2023-37148 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | |||||
| CVE-2023-37145 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | |||||
| CVE-2022-44251 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | |||||
| CVE-2022-44257 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | |||||
| CVE-2022-44250 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | |||||
| CVE-2022-44255 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | |||||
| CVE-2022-44249 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | |||||
| CVE-2022-44253 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | |||||
| CVE-2022-44260 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | |||||
| CVE-2022-44258 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | |||||
| CVE-2022-44254 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | |||||
| CVE-2022-44259 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | |||||
| CVE-2022-44252 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | |||||