VYPR

A3300R

by Totolink

Source repositories

CVEs (65)

  • CVE-2026-31181CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31178CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31177CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31175CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31170CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2025-52046CriJul 17, 2025
    risk 0.64cvss 9.8epss 0.05

    Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-24333CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.

  • CVE-2024-24332CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.

  • CVE-2024-24331CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.

  • CVE-2024-24330CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.

  • CVE-2024-24329CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.06

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

  • CVE-2024-24328CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.06

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

  • CVE-2024-24327CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.

  • CVE-2024-24326CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.

  • CVE-2024-24325CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.

  • CVE-2024-23061CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

  • CVE-2024-23060CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.

  • CVE-2024-23059CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.

  • CVE-2024-23058CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

  • CVE-2024-23057CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

Page 1 of 4