cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10654,https://securityvulnerability.io/vulnerability/CVE-2024-10654,Authorization Bypass Vulnerability in TOTOLINK LR350,"A critical authorization bypass vulnerability has been identified in the TOTOLINK LR350 router, specifically affecting versions up to 9.3.5u.6369. This vulnerability is associated with the manipulation of the authentication parameter 'authCode' within the /formLoginAuth.htm file, allowing unauthorized users to gain access remotely. The flaw poses significant risks as it enables attackers to bypass authentication mechanisms, potentially leading to full control over the device. As a mitigation strategy, users are strongly advised to upgrade to version 9.3.5u.6698_B20230810, which addresses this security concern. Prompt action is crucial to safeguard your network and devices against this exploit.",Totolink,Lr350,5.3,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-11-01T11:31:05.000Z,true,false,false,,2024-11-01T11:31:05.723Z,0
CVE-2024-42967,https://securityvulnerability.io/vulnerability/CVE-2024-42967,Access Control Flaw in TOTOLINK Router Models by TOTOLINK,"An access control vulnerability exists in the TOTOLINK LR350 router, specifically in version V9.3.5u.6369_B20220309. The flaw allows attackers to craft a specific request to the '/cgi-bin/ExportSettings.sh' endpoint, which leads to unauthorized access to the APMIB configuration file. This file potentially exposes sensitive information, such as usernames and passwords, facilitating further exploitation of the device and its network. Remediation measures are crucial for users to protect their devices from potential attacks.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-15T17:15:00.000Z,0
CVE-2024-7214,https://securityvulnerability.io/vulnerability/CVE-2024-7214,Command Injection Vulnerability in TOTOLINK LR350 Products,"A severe command injection vulnerability has been identified in TOTOLINK's LR350 router, specifically in the 'setWanCfg' function of the '/cgi-bin/cstecgi.cgi' file. This flaw allows an attacker to manipulate the 'hostName' argument, potentially leading to unauthorized command execution on the affected device. Because this exploitation can be conducted remotely, it poses a significant security risk to users. It is crucial to note that the vulnerability has been publicly disclosed, and as of now, no response has been received from the vendor regarding any security patches or updates. Users of the affected version are strongly urged to take precautionary measures to protect their devices against potential attacks.",Totolink,Lr350,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-30T02:15:00.000Z,true,false,false,,2024-07-30T03:15:00.000Z,0
CVE-2023-37145,https://securityvulnerability.io/vulnerability/CVE-2023-37145,Command Injection Vulnerability in TOTOLINK Router Products,"TOTOLINK LR350 routers have been identified as having a command injection vulnerability. This flaw is exploited through the hostname parameter in the setOpModeCfg function, potentially allowing attackers to execute arbitrary commands on the system. Users should ensure they are using the latest firmware and follow best security practices to mitigate risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.23465999960899353,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37149,https://securityvulnerability.io/vulnerability/CVE-2023-37149,Command Injection Vulnerability in TOTOLINK Router Software,"The TOTOLINK LR350 router is affected by a command injection flaw found in the setUploadSetting function, specifically via the FileName parameter. This vulnerability could be exploited by an attacker to execute arbitrary commands on the device, potentially compromising the security of the network. Users are encouraged to update to the latest firmware version to mitigate the risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.23465999960899353,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37146,https://securityvulnerability.io/vulnerability/CVE-2023-37146,Command Injection Vulnerability in TOTOLINK LR350 Device,"The TOTOLINK LR350 device version V9.3.5u.6369_B20220309 has been identified with a command injection flaw, which allows attackers to exploit the FileName parameter within the UploadFirmwareFile function. This vulnerability can enable unauthorized command execution, leading to potential manipulation of the device's settings or complete system compromise. It emphasizes the importance of safeguarding network devices against such security risks to maintain integrity and confidentiality.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.23465999960899353,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37148,https://securityvulnerability.io/vulnerability/CVE-2023-37148,Command Injection Vulnerability in TOTOLINK LR350 Router,"The TOTOLINK LR350 router has a command injection vulnerability in the setUssd function, specifically through the ussd parameter. This flaw allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized access or manipulation of the router's settings. It's crucial for users to address this vulnerability to safeguard their network and prevent potential exploitation.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.23465999960899353,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2022-44257,https://securityvulnerability.io/vulnerability/CVE-2022-44257,Buffer Overflow Vulnerability in TOTOLINK Router Software,"The TOTOLINK LR350 router is susceptible to a post-authentication buffer overflow, specifically within the setOpModeCfg function due to an improperly handled parameter 'pppoeUser'. This vulnerability enables attackers to manipulate buffer memory, potentially leading to arbitrary code execution and system compromise.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44258,https://securityvulnerability.io/vulnerability/CVE-2022-44258,Buffer Overflow Vulnerability in TOTOLINK LR350 Router,"The TOTOLINK LR350 router, specifically version 9.3.5u.6369_B20220309, suffers from a buffer overflow vulnerability due to improper handling of the 'command' parameter in the 'setTracerouteCfg' function. This flaw occurs post-authentication, allowing an authenticated user to exploit this weakness, leading to potential unauthorized access or denial of service, which could compromise the router's functionality and security.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44249,https://securityvulnerability.io/vulnerability/CVE-2022-44249,Command Injection Vulnerability in TOTOLINK NR1800X,"The TOTOLINK NR1800X, specifically in version V9.1.0u.6279_B20210910, is susceptible to a command injection vulnerability. This defect occurs through the FileName parameter within the UploadFirmwareFile function, allowing unauthorized commands to be executed. Exploitation of this vulnerability could enable an attacker to gain control over the affected system, emphasizing the need for immediate updates and validation of input parameters.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44260,https://securityvulnerability.io/vulnerability/CVE-2022-44260,Post-Authentication Buffer Overflow in TOTOLINK Router Products,"The TOTOLINK LR350 is susceptible to a post-authentication buffer overflow vulnerability, which can be exploited via the parameters sPort or ePort in the setIpPortFilterRules function. This flaw may allow an attacker to execute arbitrary code, potentially compromising the integrity and availability of the device and the network it serves. Securing your router by updating to the latest firmware and applying recommended security practices is essential to mitigate this risk.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44259,https://securityvulnerability.io/vulnerability/CVE-2022-44259,Buffer Overflow Vulnerability in TOTOLINK LR350 Router,"The TOTOLINK LR350 router version V9.3.5u.6369_B20220309 is susceptible to a post-authentication buffer overflow, allowing for potential exploitation through manipulated parameters such as week, sTime, and eTime within the setParentalRules function. This vulnerability can permit unauthorized access to sensitive system controls, potentially compromising the device's security.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44250,https://securityvulnerability.io/vulnerability/CVE-2022-44250,Command Injection Vulnerability in TOTOLINK NR1800X Router,"The TOTOLINK NR1800X router is susceptible to a command injection vulnerability due to improper handling of the hostName parameter within the setOpModeCfg function. An attacker could exploit this flaw to execute arbitrary commands on the affected device, potentially leading to unauthorized access and control over the router's configuration. It is crucial for users to secure their devices and apply available patches to mitigate the risks associated with this vulnerability.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44251,https://securityvulnerability.io/vulnerability/CVE-2022-44251,Command Injection Vulnerability in TOTOLINK NR1800X Router,"The TOTOLINK NR1800X router, specifically version V9.1.0u.6279_B20210910, is susceptible to a command injection vulnerability. This occurs through the 'ussd' parameter in the 'setUssd' function, allowing potential attackers to execute arbitrary commands on the device. Exploitation of this vulnerability can compromise the integrity and security of the network, highlighting the necessity for timely updates and security measures.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44252,https://securityvulnerability.io/vulnerability/CVE-2022-44252,Command Injection Vulnerability in TOTOLINK NR1800X,"TOTOLINK NR1800X V9.1.0u.6279_B20210910 is vulnerable to command injection through the FileName parameter in the setUploadSetting function. Attackers can exploit this vulnerability to execute arbitrary commands on the device, potentially compromising its integrity and allowing unauthorized access or manipulation. This issue highlights the importance of securing network devices against input validation vulnerabilities to protect user data and maintain system security.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44253,https://securityvulnerability.io/vulnerability/CVE-2022-44253,Post-Authentication Buffer Overflow in TOTOLINK Router,"The TOTOLINK LR350 router, specifically version V9.3.5u.6369_B20220309, is susceptible to a buffer overflow vulnerability that occurs after user authentication. This vulnerability emerges in the setDiagnosisCfg function via the 'ip' parameter. If exploited, an attacker could manipulate this vulnerability to potentially execute arbitrary code or disrupt normal operation, posing significant risks to network security.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44254,https://securityvulnerability.io/vulnerability/CVE-2022-44254,Buffer Overflow Vulnerability in TOTOLINK Router Product,"The TOTOLINK LR350 router versions up to V9.3.5u.6369_B20220309 are susceptible to a post-authentication buffer overflow vulnerability. This flaw occurs through improper handling of input in the setSmsCfg function, specifically via the 'text' parameter. Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code on the device, potentially leading to unauthorized access and control.",Totolink,Lr350 Firmware,8.8,HIGH,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0
CVE-2022-44255,https://securityvulnerability.io/vulnerability/CVE-2022-44255,Buffer Overflow Vulnerability in TOTOLINK Router,"The TOTOLINK LR350 router is vulnerable to a pre-authentication buffer overflow in its main function, triggered by overly long POST data. This flaw allows an attacker to exploit the router potentially, leading to unauthorized code execution or service interruption, thereby compromising system integrity and security.",Totolink,Lr350 Firmware,9.8,CRITICAL,0.0017099999822676182,false,,false,false,false,,,false,false,,2022-11-23T00:00:00.000Z,0