Totolink

Lr350 Firmware

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-44260

Exploit
  • EPSS 0.32%
  • Published 23.11.2022 16:15:11
  • Last modified 25.04.2025 20:15:34

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

9.8

CVE-2022-44249

Exploit
  • EPSS 1.4%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 21:15:34

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

8.8

CVE-2022-44259

Exploit
  • EPSS 0.32%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:34

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

8.8

CVE-2022-44258

Exploit
  • EPSS 0.32%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:33

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

8.8

CVE-2022-44257

Exploit
  • EPSS 0.24%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:33

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.

9.8

CVE-2022-44255

Exploit
  • EPSS 0.24%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:33

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

8.8

CVE-2022-44254

Exploit
  • EPSS 0.24%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:33

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.

8.8

CVE-2022-44253

Exploit
  • EPSS 0.24%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 20:15:32

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.

9.8

CVE-2022-44252

Exploit
  • EPSS 1.4%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 21:15:35

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

9.8

CVE-2022-44251

Exploit
  • EPSS 1.4%
  • Published 23.11.2022 16:15:10
  • Last modified 25.04.2025 21:15:35

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.