Totolink

Lr350 Firmware

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-63469

Exploit
  • EPSS 0.27%
  • Veröffentlicht 31.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 17:30:23

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

7.5

CVE-2025-63464

Exploit
  • EPSS 0.27%
  • Veröffentlicht 31.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 17:29:41

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

7.5

CVE-2025-63463

Exploit
  • EPSS 0.27%
  • Veröffentlicht 31.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 17:29:47

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

9.1

CVE-2024-10654

Exploit
  • EPSS 1.71%
  • Veröffentlicht 01.11.2024 12:15:03
  • Zuletzt bearbeitet 10.03.2025 18:01:14

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads...

9.8

CVE-2024-42967

Exploit
  • EPSS 0.19%
  • Veröffentlicht 15.08.2024 17:15:20
  • Zuletzt bearbeitet 13.03.2025 16:15:22

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.

8.8

CVE-2024-7214

Exploit
  • EPSS 4.71%
  • Veröffentlicht 30.07.2024 03:15:02
  • Zuletzt bearbeitet 21.11.2024 09:51:06

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command i...

9.8

CVE-2024-36783

  • EPSS 0.32%
  • Veröffentlicht 03.06.2024 20:15:09
  • Zuletzt bearbeitet 21.11.2024 09:22:37

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.

9.8

CVE-2024-35099

  • EPSS 0.3%
  • Veröffentlicht 14.05.2024 15:39:39
  • Zuletzt bearbeitet 05.05.2025 17:09:33

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

8.8

CVE-2024-34308

  • EPSS 0.11%
  • Veröffentlicht 14.05.2024 15:38:38
  • Zuletzt bearbeitet 04.04.2025 14:46:54

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.

9.8

CVE-2023-37149

Exploit
  • EPSS 1.45%
  • Veröffentlicht 07.07.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:06

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.