VYPR

A3300R

by Totolink

Source repositories

CVEs (65)

  • CVE-2024-22942CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.

  • CVE-2023-46993CriOct 31, 2023
    risk 0.64cvss 9.8epss 0.02

    In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

  • CVE-2023-46976CriOct 31, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

  • CVE-2023-37173CriJul 7, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

  • CVE-2023-37172CriJul 7, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

  • CVE-2023-37171CriJul 7, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

  • CVE-2023-37170CriJul 7, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

  • CVE-2023-31729CriMay 18, 2023
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

  • CVE-2024-7331HigAug 1, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched…

  • CVE-2024-27521HigMar 26, 2024
    risk 0.52cvss 8.0epss 0.01

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail,…

  • CVE-2023-46992HigOct 31, 2023
    risk 0.49cvss 7.5epss 0.01

    TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.

  • CVE-2026-5176HigMar 31, 2026
    risk 0.48cvss 7.3epss 0.02

    A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The…

  • CVE-2026-31173MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31169MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31168MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31167MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31166MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31163MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31162MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31179MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.