PT-2024-25781 · Totolink · Totolink Lr350
Published: 2024-05-08 · Updated: 2024-07-03 · CVE-2024-34308
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TOTOLINK LR350 version 9.3.5u.6369 B20220309
Description
A stack overflow issue was discovered, related to the password parameter in the urldecode function.
Recommendations
For TOTOLINK LR350 version 9.3.5u.6369 B20220309, avoid using the password parameter in the affected function until a fix is available. As a temporary workaround, consider restricting access to the urldecode function to minimize the risk of exploitation.
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Totolink Lr350