cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42967,https://securityvulnerability.io/vulnerability/CVE-2024-42967,Access Control Flaw in TOTOLINK Router Models by TOTOLINK,"An access control vulnerability exists in the TOTOLINK LR350 router, specifically in version V9.3.5u.6369_B20220309. The flaw allows attackers to craft a specific request to the '/cgi-bin/ExportSettings.sh' endpoint, which leads to unauthorized access to the APMIB configuration file. This file potentially exposes sensitive information, such as usernames and passwords, facilitating further exploitation of the device and its network. Remediation measures are crucial for users to protect their devices from potential attacks.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.01269999984651804,false,false,false,false,,false,false,2024-08-15T17:15:00.000Z,0
CVE-2023-37145,https://securityvulnerability.io/vulnerability/CVE-2023-37145,Command Injection Vulnerability in TOTOLINK Router Products,"TOTOLINK LR350 routers have been identified as having a command injection vulnerability. This flaw is exploited through the hostname parameter in the setOpModeCfg function, potentially allowing attackers to execute arbitrary commands on the system. Users should ensure they are using the latest firmware and follow best security practices to mitigate risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37149,https://securityvulnerability.io/vulnerability/CVE-2023-37149,Command Injection Vulnerability in TOTOLINK Router Software,"The TOTOLINK LR350 router is affected by a command injection flaw found in the setUploadSetting function, specifically via the FileName parameter. This vulnerability could be exploited by an attacker to execute arbitrary commands on the device, potentially compromising the security of the network. Users are encouraged to update to the latest firmware version to mitigate the risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37146,https://securityvulnerability.io/vulnerability/CVE-2023-37146,Command Injection Vulnerability in TOTOLINK LR350 Device,"The TOTOLINK LR350 device version V9.3.5u.6369_B20220309 has been identified with a command injection flaw, which allows attackers to exploit the FileName parameter within the UploadFirmwareFile function. This vulnerability can enable unauthorized command execution, leading to potential manipulation of the device's settings or complete system compromise. It emphasizes the importance of safeguarding network devices against such security risks to maintain integrity and confidentiality.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37148,https://securityvulnerability.io/vulnerability/CVE-2023-37148,Command Injection Vulnerability in TOTOLINK LR350 Router,"The TOTOLINK LR350 router has a command injection vulnerability in the setUssd function, specifically through the ussd parameter. This flaw allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized access or manipulation of the router's settings. It's crucial for users to address this vulnerability to safeguard their network and prevent potential exploitation.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.27439001202583313,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2022-44257,https://securityvulnerability.io/vulnerability/CVE-2022-44257,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44260,https://securityvulnerability.io/vulnerability/CVE-2022-44260,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44255,https://securityvulnerability.io/vulnerability/CVE-2022-44255,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.0017099999822676182,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44250,https://securityvulnerability.io/vulnerability/CVE-2022-44250,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44249,https://securityvulnerability.io/vulnerability/CVE-2022-44249,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44259,https://securityvulnerability.io/vulnerability/CVE-2022-44259,,"TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44258,https://securityvulnerability.io/vulnerability/CVE-2022-44258,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44251,https://securityvulnerability.io/vulnerability/CVE-2022-44251,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44252,https://securityvulnerability.io/vulnerability/CVE-2022-44252,,TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.,Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44253,https://securityvulnerability.io/vulnerability/CVE-2022-44253,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0
CVE-2022-44254,https://securityvulnerability.io/vulnerability/CVE-2022-44254,,TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.,Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2022-11-23T00:00:00.000Z,0