Known Vulnerabilities
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost function.
CRITICAL
CVSS 9.8
Published
CVE-2024-34308
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
HIGH
CVSS 8.8
Published
CVE-2024-42967
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CRITICAL
CVSS 9.8
Published Aug 15, 2024