Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> N350rt Firmware  Security Vulnerabilities
CVE-2023-7187
A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-31
CVE-2022-36479
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-08-25
CVE-2022-36480
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-36481
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-08-25
CVE-2022-36482
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-08-25
CVE-2022-36483
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-36484
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-36485
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-08-25
CVE-2022-36486
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-08-25
CVE-2022-36487
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.
CVSS Score
7.8
EPSS Score
0.013
Published
2022-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved