CVE-2024-36783 | Totolink LR350 9.3.5u.6369_B20220309 NTPSyncWithHost host_time command injection

Posted by Angelo Barbosa | Jun 3, 2024 | CVE

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. It has been rated as critical. Affected by this issue is the function NTPSyncWithHost. The manipulation of the argument host_time leads to command injection.

This vulnerability is handled as CVE-2024-36783. The attack needs to be approached within the local network. There is no exploit available.

CVE-2024-36783 | Totolink LR350 9.3.5u.6369_B20220309 NTPSyncWithHost host_time command injection

Related Posts

CVE-2022-24806 | Net-SNMP up to 5.9.1 OID input validation

CVE-2024-35639 | Webliberty Simple Spoiler Plugin up to 1.2 on WordPress cross site scripting

CVE-2023-6738 | PageLayer Plugin up to 1.7.8 on WordPress Meta Field cross site scripting

CVE-2024-39459 | Plain Credentials Plugin up to 182.v468b_97b_9dcb_8 on Jenkins cleartext storage