A3300R
by Totolink
Source repositories
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31181 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31178 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31177 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31175 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31170 | Cri | 0.64 | 9.8 | 0.01 | Apr 9, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2025-52046 | Cri | 0.64 | 9.8 | 0.05 | Jul 17, 2025 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | ||
| CVE-2024-24333 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | ||
| CVE-2024-24332 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | ||
| CVE-2024-24331 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | ||
| CVE-2024-24330 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | ||
| CVE-2024-24329 | Cri | 0.64 | 9.8 | 0.06 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. | ||
| CVE-2024-24328 | Cri | 0.64 | 9.8 | 0.06 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. | ||
| CVE-2024-24327 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | ||
| CVE-2024-24326 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | ||
| CVE-2024-24325 | Cri | 0.64 | 9.8 | 0.02 | Jan 30, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | ||
| CVE-2024-23061 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | ||
| CVE-2024-23060 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | ||
| CVE-2024-23059 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | ||
| CVE-2024-23058 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | ||
| CVE-2024-23057 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi.
- risk 0.64cvss 9.8epss 0.05
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
- risk 0.64cvss 9.8epss 0.06
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
- risk 0.64cvss 9.8epss 0.06
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
Page 1 of 4