CVE-2023-37146: Command Injection
First published: Fri Jul 07 2023(Updated: )
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink Lr350 Firmware | =9.3.5u.6369_b20220309 | |
| TOTOLINK LR350 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for TOTOLINK LR350 command injection vulnerability?
The vulnerability ID for TOTOLINK LR350 command injection vulnerability is CVE-2023-37146.
What software version is affected by the TOTOLINK LR350 command injection vulnerability?
The TOTOLINK LR350 command injection vulnerability affects software version 9.3.5u.6369_b20220309.
How severe is the TOTOLINK LR350 command injection vulnerability?
The severity of the TOTOLINK LR350 command injection vulnerability is rated as critical with a severity value of 9.8.
What is the Common Weakness Enumeration (CWE) ID for the TOTOLINK LR350 command injection vulnerability?
The Common Weakness Enumeration (CWE) ID for the TOTOLINK LR350 command injection vulnerability is CWE-77.
Is there a fix available for the TOTOLINK LR350 command injection vulnerability?
A fix or security patch for the TOTOLINK LR350 command injection vulnerability may be available from the vendor. It is recommended to check with TOTOLINK for the latest updates.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/totolink
- canonical/totolink lr350 firmware
- version/totolink lr350 firmware/9.3.5u.6369_b20220309
- canonical/totolink lr350