A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.
History

Tue, 05 Nov 2024 07:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.
Weaknesses CWE-266
CWE-285
References

Fri, 01 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Totolink
Totolink lr350
CPEs cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink lr350
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Nov 2024 11:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title TOTOLINK LR350 formLoginAuth.htm authorization
Weaknesses CWE-639
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-01T11:31:05.723Z

Updated: 2024-11-05T07:04:37.847Z

Reserved: 2024-11-01T05:59:04.960Z

Link: CVE-2024-10654

cve-icon Vulnrichment

Updated: 2024-11-01T13:24:52.135Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-01T12:15:03.077

Modified: 2024-11-05T07:15:13.730

Link: CVE-2024-10654

cve-icon Redhat

No data.