DaDong-G

CVE-2023-37144 WRITEUP CRITICAL WRITEUP

Tendacn Ac10 Firmware - Command Injection

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

CVSS 9.8

View Code

CVE-2023-37145 WRITEUP CRITICAL WRITEUP

Totolink Lr350 Firmware - Command Injection

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

CVSS 9.8

View Code

CVE-2023-37146 WRITEUP CRITICAL WORKING POC

Totolink Lr350 Firmware - Command Injection

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

CVSS 9.8

View Code

CVE-2023-37148 WRITEUP CRITICAL WRITEUP

Totolink Lr350 Firmware - Command Injection

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.

CVSS 9.8

View Code

CVE-2023-37149 WRITEUP CRITICAL WRITEUP

Totolink Lr350 Firmware - Command Injection

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

CVSS 9.8

View Code