Totolink: >> Lr350 Firmware Security Vulnerabilities
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-06-03
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVSS Score
9.8
EPSS Score
0.1
Published
2024-05-24
TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-05-14
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-14
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-11-23
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVSS Score
9.8
EPSS Score
0.166
Published
2022-11-23