Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lr350_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-07 | CVE-2023-37146 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | Lr350_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37148 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. | Lr350_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37149 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. | Lr350_firmware | 9.8 | ||
| 2022-11-23 | CVE-2022-44259 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | Lr350_firmware | 8.8 | ||
| 2022-11-23 | CVE-2022-44253 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | Lr350_firmware | 8.8 | ||
| 2022-11-23 | CVE-2022-44254 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | Lr350_firmware | 8.8 | ||
| 2022-11-23 | CVE-2022-44255 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | Lr350_firmware | 9.8 | ||
| 2022-11-23 | CVE-2022-44257 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | Lr350_firmware | 8.8 | ||
| 2022-11-23 | CVE-2022-44258 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | Lr350_firmware | 8.8 | ||
| 2022-11-23 | CVE-2022-44260 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | Lr350_firmware | 8.8 |