Totolink N350rt_firmware
21 CVEs affecting Totolink N350rt_firmware. Latest disclosed: 2025-07-17. Critical: 2, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-51630 | Critical | 9.8 | 2025-07-17 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules. |
CVE-2024-42966 | Critical | 9.8 | 2024-08-15 | Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the… |
CVE-2024-7462 | High | 8.8 | 2024-08-05 | A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cst… |
CVE-2024-7333 | High | 8.8 | 2024-08-01 | A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules… |
CVE-2022-36488 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. |
CVE-2022-36487 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. |
CVE-2022-36486 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFil… |
CVE-2022-36485 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. |
CVE-2022-36484 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg. |
CVE-2022-36483 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter. |
CVE-2022-36482 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. |
CVE-2022-36481 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. |
CVE-2022-36480 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. |
CVE-2022-36479 | High | 7.8 | 2022-08-25 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. |
CVE-2024-0570 | High | 7.3 | 2024-01-16 | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of th… |
CVE-2023-7219 | High | 7.2 | 2024-01-09 | A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of t… |
CVE-2023-7218 | High | 7.2 | 2024-01-08 | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cs… |
CVE-2023-7214 | Medium | 6.3 | 2024-01-07 | A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the… |
CVE-2023-7213 | Medium | 6.3 | 2024-01-07 | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi… |
CVE-2023-7187 | Medium | 5.5 | 2023-12-31 | A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-… |