CVE-2022-44844
https://notcve.org/view.php?id=CVE-2022-44844
25 Nov 2022 — TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. • https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/A7100RU/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44249
https://notcve.org/view.php?id=CVE-2022-44249
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. • https://brief-nymphea-813.notion.site/LR350-command-injection-UploadFirmwareFile-f006f70e9e6540529d262a8d34154d24 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44250
https://notcve.org/view.php?id=CVE-2022-44250
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. • https://brief-nymphea-813.notion.site/LR350-command-injection-setOpModeCfg-7133dfcdeb9c4dfb87d9b5f4490b9a07 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44251
https://notcve.org/view.php?id=CVE-2022-44251
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. • https://brief-nymphea-813.notion.site/LR350-command-injection-setUssd-f25d6489a0e44468bf455e7af1173fdb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44252
https://notcve.org/view.php?id=CVE-2022-44252
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. • https://brief-nymphea-813.notion.site/LR350-command-injection-setUploadSetting-b6d3012a3c2f43adac79c44edd57c937 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-44253
https://notcve.org/view.php?id=CVE-2022-44253
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. • https://brief-nymphea-813.notion.site/LR350-bof-setDiagnosisCfg-bdae239f42e64a48a57b070b5bf17456 • CWE-787: Out-of-bounds Write
CVE-2022-44254
https://notcve.org/view.php?id=CVE-2022-44254
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. • https://brief-nymphea-813.notion.site/LR350-bof-setSmsCfg-fd30228720dc4119911ed0b31c7c26c7 • CWE-787: Out-of-bounds Write
CVE-2022-44255
https://notcve.org/view.php?id=CVE-2022-44255
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. • https://brief-nymphea-813.notion.site/LR350-bof-main-pre-authentication-9475d39331cd4d8bae67c8560ce279b7 • CWE-787: Out-of-bounds Write
CVE-2022-44256
https://notcve.org/view.php?id=CVE-2022-44256
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. • https://brief-nymphea-813.notion.site/LR350-bof-setLanguageCfg-ddd638b9bb2d4c72b8dba5125c293141 • CWE-787: Out-of-bounds Write
CVE-2022-44257
https://notcve.org/view.php?id=CVE-2022-44257
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. • https://brief-nymphea-813.notion.site/LR350-bof-setOpModeCfg-9dc3504e403f445b85d5db09176ac406 • CWE-787: Out-of-bounds Write