Vulnerabilities > Totolink > Lr350 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-15 CVE-2024-42967 Unspecified vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
network
low complexity
totolink
critical
9.8
2023-07-07 CVE-2023-37149 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.
network
low complexity
totolink CWE-77
critical
9.8
2023-07-07 CVE-2023-37148 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.
network
low complexity
totolink CWE-77
critical
9.8
2023-07-07 CVE-2023-37146 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
9.8
2023-07-07 CVE-2023-37145 Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-77
critical
9.8
2022-11-23 CVE-2022-44255 Out-of-bounds Write vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
network
low complexity
totolink CWE-787
critical
9.8
2022-11-23 CVE-2022-44252 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44251 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44250 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44249 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-78
critical
9.8