Lr350 Firmware
Monthly
Buffer overflow in Totolik LR350 firmware allows authenticated remote attackers to achieve full system compromise through malicious SSID parameters in the wizard configuration endpoint. Public exploit code is available for this vulnerability, and no patch has been released, leaving deployed devices at immediate risk. The flaw requires valid credentials but enables complete confidentiality, integrity, and availability violations with network-level access.
Stack-based buffer overflow in Totolink LR350 firmware (version 9.3.5u.6369_B20220309) allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi configuration function. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to active exploitation. The vulnerability requires valid credentials but poses critical risk due to high-impact consequences including arbitrary code execution.
Unauthenticated remote attackers can exploit a buffer overflow in the WiFi configuration function of Totolink LR350 firmware version 9.3.5u.6369_B20220309 to achieve remote code execution with full system compromise. The vulnerability exists in the ssid parameter handler of /cgi-bin/cstecgi.cgi and requires only network access to trigger, with public exploit code already available. No patch is currently available for affected devices.
Buffer overflow in Totolink LR350 firmware allows authenticated remote attackers to achieve complete system compromise through a malformed SSID parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Command injection in Totolik LR350 firmware through the setTracerouteCfg function allows authenticated remote attackers to execute arbitrary system commands via a malicious POST request to /cgi-bin/cstecgi.cgi. Public exploit code is available and the vulnerability remains unpatched, creating immediate risk for deployed devices. An attacker with network access and valid credentials can achieve code execution with full device compromise potential.
Command injection in Totolink LR350 firmware allows authenticated remote attackers to execute arbitrary commands through the ip parameter in the setDiagnosisCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict access to the affected device until a fix is released.
Buffer overflow in Totolik LR350 firmware allows authenticated remote attackers to achieve full system compromise through malicious SSID parameters in the wizard configuration endpoint. Public exploit code is available for this vulnerability, and no patch has been released, leaving deployed devices at immediate risk. The flaw requires valid credentials but enables complete confidentiality, integrity, and availability violations with network-level access.
Stack-based buffer overflow in Totolink LR350 firmware (version 9.3.5u.6369_B20220309) allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi configuration function. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to active exploitation. The vulnerability requires valid credentials but poses critical risk due to high-impact consequences including arbitrary code execution.
Unauthenticated remote attackers can exploit a buffer overflow in the WiFi configuration function of Totolink LR350 firmware version 9.3.5u.6369_B20220309 to achieve remote code execution with full system compromise. The vulnerability exists in the ssid parameter handler of /cgi-bin/cstecgi.cgi and requires only network access to trigger, with public exploit code already available. No patch is currently available for affected devices.
Buffer overflow in Totolink LR350 firmware allows authenticated remote attackers to achieve complete system compromise through a malformed SSID parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.
Command injection in Totolik LR350 firmware through the setTracerouteCfg function allows authenticated remote attackers to execute arbitrary system commands via a malicious POST request to /cgi-bin/cstecgi.cgi. Public exploit code is available and the vulnerability remains unpatched, creating immediate risk for deployed devices. An attacker with network access and valid credentials can achieve code execution with full device compromise potential.
Command injection in Totolink LR350 firmware allows authenticated remote attackers to execute arbitrary commands through the ip parameter in the setDiagnosisCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict access to the affected device until a fix is released.