Rew1X

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20211108.1423 **Description** A buffer overflow issue exists in the `sub 419BE0` function of the `/boafrm/formIpQoS` file. Manipulation of the `mac` argument causes the overflow, and the attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20211108.1423 **Description** A buffer overflow vulnerability exists in the function `sub 4162DC` located in the file `/boafrm/formFilter`. Manipulation of the `ip6addr` argument can trigger the vulnerability, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20211108.1423 **Description** A buffer overflow issue exists in the `sub 4466F8` function of the `/boafrm/formOneKeyAccessButton` file. The vulnerability is triggered by manipulating the `submit-url` argument, allowing for remote exploitation. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20211108.1423 **Description** A buffer overflow issue exists in the `sub 418030` function of the `/boafrm/formParentControl` file. Manipulation of the `submit-url` argument can trigger this issue, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A702R version 4.0.0-B20211108.1423 **Description** A vulnerability exists in TOTOLINK A702R that allows for a remote buffer overflow. The issue is located in the `sub 4162DC` function of the `/boafrm/formFilter` file. The vulnerability is triggered by manipulating the `ip6addr` argument. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350R version 1.2.3-B20130826 Description: A vulnerability exists in the Telnet Service component of TOTOLINK N350R. The issue affects the `formSysTel` function within the `/boafrm/formSysTel` file. Manipulation of the `TelEnabled` argument can lead to the creation of a backdoor, allowing for remote attacks. The exploit has been publicly disclosed and may be used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK N350R version 1.2.3-B20130826 Description: A vulnerability exists in TOTOLINK N350R that allows for remote command injection. The issue affects unknown code within the `/boafrm/formSysCmd` file. Manipulation of this file can lead to the execution of arbitrary commands. The exploit for this issue has been publicly disclosed and may be actively used. Recommendations: TOTOLINK N350R version 1.2.3-B20130826: At the moment, there is no information about a newer version that contains a fix for this vulnerability.