Totolink Lr350 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink Lr350 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2022-44249 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVE-2022-44250 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
CVE-2022-44251 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
CVE-2022-44252 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
CVE-2022-44255 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
CVE-2023-37145 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the…
CVE-2023-37146 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the…
CVE-2023-37148 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd…
CVE-2023-37149 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the…
CVE-2024-35099 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVE-2024-35387 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2024-36783 — CVSS 9.8 (critical): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_time parameter in the NTPSyncWithHost…
CVE-2024-42967 — CVSS 9.8 (critical): Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains…
CVE-2022-44259 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the…
CVE-2022-44260 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules…
CVE-2026-1158 — CVSS 8.8 (high): A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the…
CVE-2026-4976 — CVSS 8.8 (high): A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file…
CVE-2026-1155 — CVSS 8.8 (high): A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of…
CVE-2022-44253 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.
CVE-2022-44254 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.
CVE-2022-44257 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.
CVE-2022-44258 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.
CVE-2024-34308 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
CVE-2026-1156 — CVSS 8.8 (high): A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file…
CVE-2026-1157 — CVSS 8.8 (high): A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file…
CVE-2025-63469 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This…
CVE-2025-63463 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This…
CVE-2025-63464 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This…
CVE-2025-63465 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This…
CVE-2025-63466 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function…
CVE-2025-63467 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This…
CVE-2025-63468 — CVSS 7.5 (high): Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function…
CVE-2026-1149 — CVSS 6.3 (medium): A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file…
CVE-2024-7214 — CVSS 6.3 (medium): A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the…
CVE-2026-1150 — CVSS 6.3 (medium): A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file…
CVE-2024-10654 — CVSS 5.3 (medium): A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown…