L0Tk3

**Name of the Vulnerable Software and Affected Versions** TOTOLINK N200RE version 9.3.5u.6437 B20230519 **Description** The TOTOLINK N200RE router firmware contains a command injection flaw in the `setOpModeCfg` function through the `hostName` parameter. This allows for potential unauthorized control of the system. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `setOpModeCfg` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3300R version V17.0.0cu.557 B20221024 TOTOLINK N200RE versions V9.3.5u.6448 B20240521 and V9.3.5u.6437 B20230519 **Description** The devices are susceptible to an Incorrect Access Control issue, allowing attackers to send payloads to the interface without authentication, enabling remote exploitation. **Recommendations** TOTOLINK A3300R version V17.0.0cu.557 B20221024: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TOTOLINK N200RE version V9.3.5u.6448 B20240521: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TOTOLINK N200RE version V9.3.5u.6437 B20230519: At the moment, there is no information about a newer version that contains a fix for this vulnerability.