Command injection

2024-01-1116:15:00

PRIOn knowledge base

www.prio-n.com

totolink

a3300r

v17.0.0cu.557_b20221024

command injection

setschedulecfg

vulnerability

8.2 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

JSON

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

CPENameOperatorVersion
a3300r_firmwareeq17.0.0cu.557-b20221024

CPE	Name	Operator	Version
	a3300r_firmware	eq	17.0.0cu.557-b20221024

References

github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md