CVE-2024-10654

MEDIUM

TOTOLINK LR350 <= 9.3.5u.6369 - Authorization Bypass via authCode Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-10654. PoCs published by adminlove520, c0nyy.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-10654, demonstrating an authentication bypass vulnerability in TOTOLINK LR350 and T6 devices. The PoC involves manipulating the 'authCode' parameter to bypass login requirements.

Description

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.

Exploits (2)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2024/CVE-2024-10654

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-10654, demonstrating an authentication bypass vulnerability in TOTOLINK LR350 and T6 devices. The PoC involves manipulating the 'authCode' parameter to bypass login requirements.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TOTOLINK LR350 (V9.3.5u.6369_B20220309), TOTOLINK T6 (V4.1.5cu.748_B20211015)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by c0nyy · poc

https://github.com/c0nyy/IoT_vuln

View Code ZIP pw:eip

The repository contains a functional proof-of-concept for an authentication bypass vulnerability in TOTOLINK LR350 and T6 devices. The exploit manipulates the 'authCode' and 'goURL' parameters in a GET request to bypass login authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TOTOLINK LR350 (V9.3.5u.6369_B20220309) and T6 (V4.1.5cu.748_B20211015)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.282667

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.282667

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.434801

Exploit, Third Party Advisory exploit

https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md

View Exploit ZIP pw:eip

Product patch

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/231/ids/36.html

Product product

https://www.totolink.net/

Scores

CVSS v3 5.3

EPSS 0.0153

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-285 CWE-639

Status published

Products (1)

totolink/lr350_firmware 9.3.5u.6369_b20220309

Published Nov 01, 2024

Tracked Since Feb 18, 2026