Metrics
Affected Vendors & Products
Tue, 05 Nov 2024 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. |
Weaknesses | CWE-266 CWE-285 |
|
References |
|
Fri, 01 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Totolink
Totolink lr350 |
|
CPEs | cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:* | |
Vendors & Products |
Totolink
Totolink lr350 |
|
Metrics |
ssvc
|
Fri, 01 Nov 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
Title | TOTOLINK LR350 formLoginAuth.htm authorization | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2024-11-01T11:31:05.723Z
Updated: 2024-11-05T07:04:37.847Z
Reserved: 2024-11-01T05:59:04.960Z
Link: CVE-2024-10654
Updated: 2024-11-01T13:24:52.135Z
Status : Awaiting Analysis
Published: 2024-11-01T12:15:03.077
Modified: 2024-11-05T07:15:13.730
Link: CVE-2024-10654
No data.