CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37145
https://notcve.org/view.php?id=CVE-2023-37145
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. • https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/1/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37146
https://notcve.org/view.php?id=CVE-2023-37146
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. • https://github.com/DaDong-G/Vulnerability_info/tree/main/TOTOLINK/lr350/2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37148
https://notcve.org/view.php?id=CVE-2023-37148
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. • https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/3/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 27%CPEs: 2EXPL: 1CVE-2023-37149
https://notcve.org/view.php?id=CVE-2023-37149
07 Jul 2023 — TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. • https://github.com/DaDong-G/Vulnerability_info/blob/main/TOTOLINK/lr350/4/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-44249
https://notcve.org/view.php?id=CVE-2022-44249
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. TOTOLINK NR1800X V9.1.0u.6279_B20210910 contiene una inyección de comando a través del parámetro FileName en la función UploadFirmwareFile. • https://brief-nymphea-813.notion.site/LR350-command-injection-UploadFirmwareFile-f006f70e9e6540529d262a8d34154d24 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-44250
https://notcve.org/view.php?id=CVE-2022-44250
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. TOTOLINK NR1800X V9.1.0u.6279_B20210910 contiene una inyección de comando a través del parámetro hostName en la función setOpModeCfg. • https://brief-nymphea-813.notion.site/LR350-command-injection-setOpModeCfg-7133dfcdeb9c4dfb87d9b5f4490b9a07 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-44251
https://notcve.org/view.php?id=CVE-2022-44251
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. TOTOLINK NR1800X V9.1.0u.6279_B20210910 contiene una inyección de comando a través del parámetro ussd en la función setUssd. • https://brief-nymphea-813.notion.site/LR350-command-injection-setUssd-f25d6489a0e44468bf455e7af1173fdb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2022-44252
https://notcve.org/view.php?id=CVE-2022-44252
23 Nov 2022 — TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. TOTOLINK NR1800X V9.1.0u.6279_B20210910 contiene una inyección de comando a través del parámetro FileName en la función setUploadSetting. • https://brief-nymphea-813.notion.site/LR350-command-injection-setUploadSetting-b6d3012a3c2f43adac79c44edd57c937 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44253
https://notcve.org/view.php?id=CVE-2022-44253
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. TOTOLINK LR350 V9.3.5u.6369_B20220309 contiene un desbordamiento del búfer posterior a la autenticación a través del parámetro ip en la función setDiagnosisCfg. • https://brief-nymphea-813.notion.site/LR350-bof-setDiagnosisCfg-bdae239f42e64a48a57b070b5bf17456 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44254
https://notcve.org/view.php?id=CVE-2022-44254
23 Nov 2022 — TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. TOTOLINK LR350 V9.3.5u.6369_B20220309 contiene un desbordamiento del búfer posterior a la autenticación a través del texto del parámetro en la función setSmsCfg. • https://brief-nymphea-813.notion.site/LR350-bof-setSmsCfg-fd30228720dc4119911ed0b31c7c26c7 • CWE-787: Out-of-bounds Write •