TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
2022-11-23T16:15:10.470
2025-04-25T21:15:34.723
Modified
CVSSv3.1: 9.8 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | totolink | lr350_firmware | 9.3.5u.6369_b20220309 | Yes |
| Hardware | totolink | lr350 | - | No |