cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10654,https://securityvulnerability.io/vulnerability/CVE-2024-10654,Authorization Bypass Vulnerability in TOTOLINK LR350,"A critical authorization bypass vulnerability has been identified in the TOTOLINK LR350 router, specifically affecting versions up to 9.3.5u.6369. This vulnerability is associated with the manipulation of the authentication parameter 'authCode' within the /formLoginAuth.htm file, allowing unauthorized users to gain access remotely. The flaw poses significant risks as it enables attackers to bypass authentication mechanisms, potentially leading to full control over the device. As a mitigation strategy, users are strongly advised to upgrade to version 9.3.5u.6698_B20230810, which addresses this security concern. Prompt action is crucial to safeguard your network and devices against this exploit.",Totolink,Lr350,5.3,MEDIUM,0.0004400000034365803,false,false,false,true,true,false,false,2024-11-01T11:31:05.723Z,0
CVE-2024-42967,https://securityvulnerability.io/vulnerability/CVE-2024-42967,Access Control Flaw in TOTOLINK Router Models by TOTOLINK,"An access control vulnerability exists in the TOTOLINK LR350 router, specifically in version V9.3.5u.6369_B20220309. The flaw allows attackers to craft a specific request to the '/cgi-bin/ExportSettings.sh' endpoint, which leads to unauthorized access to the APMIB configuration file. This file potentially exposes sensitive information, such as usernames and passwords, facilitating further exploitation of the device and its network.
Remediation measures are crucial for users to protect their devices from potential attacks.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.01269999984651804,false,false,false,false,,false,false,2024-08-15T17:15:00.000Z,0
CVE-2024-7214,https://securityvulnerability.io/vulnerability/CVE-2024-7214,Command Injection Vulnerability in TOTOLINK LR350 Products,"A severe command injection vulnerability has been identified in TOTOLINK's LR350 router, specifically in the 'setWanCfg' function of the '/cgi-bin/cstecgi.cgi' file. This flaw allows an attacker to manipulate the 'hostName' argument, potentially leading to unauthorized command execution on the affected device. Because this exploitation can be conducted remotely, it poses a significant security risk to users. It is crucial to note that the vulnerability has been publicly disclosed, and as of now, no response has been received from the vendor regarding any security patches or updates. Users of the affected version are strongly urged to take precautionary measures to protect their devices against potential attacks.",Totolink,Lr350,8.8,HIGH,0.0007300000288523734,false,false,false,true,true,false,false,2024-07-30T03:15:00.000Z,0
CVE-2023-37145,https://securityvulnerability.io/vulnerability/CVE-2023-37145,Command Injection Vulnerability in TOTOLINK Router Products,"TOTOLINK LR350 routers have been identified as having a command injection vulnerability. This flaw is exploited through the hostname parameter in the setOpModeCfg function, potentially allowing attackers to execute arbitrary commands on the system.
Users should ensure they are using the latest firmware and follow best security practices to mitigate risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37148,https://securityvulnerability.io/vulnerability/CVE-2023-37148,Command Injection Vulnerability in TOTOLINK LR350 Router,"The TOTOLINK LR350 router has a command injection vulnerability in the setUssd function, specifically through the ussd parameter. This flaw allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized access or manipulation of the router's settings. It's crucial for users to address this vulnerability to safeguard their network and prevent potential exploitation.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37149,https://securityvulnerability.io/vulnerability/CVE-2023-37149,Command Injection Vulnerability in TOTOLINK Router Software,"The TOTOLINK LR350 router is affected by a command injection flaw found in the setUploadSetting function, specifically via the FileName parameter. This vulnerability could be exploited by an attacker to execute arbitrary commands on the device, potentially compromising the security of the network.
Users are encouraged to update to the latest firmware version to mitigate the risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37146,https://securityvulnerability.io/vulnerability/CVE-2023-37146,,TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2022-44255,https://securityvulnerability.io/vulnerability/CVE-2022-44255,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.0017099999822676182,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44258,https://securityvulnerability.io/vulnerability/CVE-2022-44258,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44250,https://securityvulnerability.io/vulnerability/CVE-2022-44250,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44259,https://securityvulnerability.io/vulnerability/CVE-2022-44259,,"TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44249,https://securityvulnerability.io/vulnerability/CVE-2022-44249,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44251,https://securityvulnerability.io/vulnerability/CVE-2022-44251,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44252,https://securityvulnerability.io/vulnerability/CVE-2022-44252,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44253,https://securityvulnerability.io/vulnerability/CVE-2022-44253,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44254,https://securityvulnerability.io/vulnerability/CVE-2022-44254,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44257,https://securityvulnerability.io/vulnerability/CVE-2022-44257,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44260,https://securityvulnerability.io/vulnerability/CVE-2022-44260,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0