All 9 CVE vulnerabilities found in LR350, with AI-generated Chinese analysis, references, and POCs.
Vendor: TOTOLINK
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-4976 | Totolink LR350 cstecgi.cgi setWiFiGuestCfg buffer overflow CWE-120 | 8.8 | High | 2026-03-27 |
| CVE-2026-1158 | Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow CWE-120 | 8.8 | High | 2026-01-19 |
| CVE-2026-1157 | Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow CWE-120 | 8.8 | High | 2026-01-19 |
| CVE-2026-1156 | Totolink LR350 cstecgi.cgi setWiFiBasicCfg buffer overflow CWE-120 | 8.8 | High | 2026-01-19 |
| CVE-2026-1155 | Totolink LR350 cstecgi.cgi setWiFiEasyGuestCfg buffer overflow CWE-120 | 8.8 | High | 2026-01-19 |
| CVE-2026-1150 | Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection CWE-77 | 6.3 | Medium | 2026-01-19 |
| CVE-2026-1149 | Totolink LR350 POST Request cstecgi.cgi setDiagnosisCfg command injection CWE-77 | 6.3 | Medium | 2026-01-19 |
| CVE-2024-10654 | TOTOLINK LR350 formLoginAuth.htm authorization CWE-639 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-7214 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection CWE-77 | 6.3 | Medium | 2024-07-30 |
All 9 known CVE vulnerabilities affecting LR350 with full Chinese analysis, references, and POCs where available.