A3300R
by Totolink
Source repositories
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22942 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | ||
| CVE-2023-46993 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2023 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | ||
| CVE-2023-46976 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2023 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | ||
| CVE-2023-37173 | Cri | 0.64 | 9.8 | 0.02 | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | ||
| CVE-2023-37172 | Cri | 0.64 | 9.8 | 0.02 | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | ||
| CVE-2023-37171 | Cri | 0.64 | 9.8 | 0.02 | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | ||
| CVE-2023-37170 | Cri | 0.64 | 9.8 | 0.01 | Jul 7, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | ||
| CVE-2023-31729 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2023 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | ||
| CVE-2024-7331 | Hig | 0.57 | 8.8 | 0.01 | Aug 1, 2024 | A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched… | ||
| CVE-2024-27521 | Hig | 0.52 | 8.0 | 0.01 | Mar 26, 2024 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail,… | ||
| CVE-2023-46992 | Hig | 0.49 | 7.5 | 0.01 | Oct 31, 2023 | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | ||
| CVE-2026-5176 | Hig | 0.48 | 7.3 | 0.02 | Mar 31, 2026 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The… | ||
| CVE-2026-31173 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31169 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31168 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31167 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31166 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31163 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31162 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | ||
| CVE-2026-31179 | Med | 0.42 | 6.5 | 0.00 | Apr 23, 2026 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. |
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
- risk 0.64cvss 9.8epss 0.02
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
- risk 0.64cvss 9.8epss 0.01
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
- risk 0.64cvss 9.8epss 0.02
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched…
- risk 0.52cvss 8.0epss 0.01
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail,…
- risk 0.49cvss 7.5epss 0.01
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.
- risk 0.48cvss 7.3epss 0.02
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The…
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.
Page 2 of 4