Security Vulnerabilities - CVEs Published In November 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-23