18 matches found
CVE-2026-31179
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34717
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34706
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...
PT-2026-29188
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557 b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The...
PT-2026-28758
Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A security issue exists in Totolink A3300R version 17.0.0cu.557 b20221024. The setStaticRoute function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through...
PT-2026-28756
Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024 Description A security flaw exists in the Totolink A3300R router. This issue involves a command injection impacting the setSmartQosCfg function within the /cgi-bin/cstecgi.cgi file of the Paramete...
CVE-2025-12241
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
PT-2025-43921
Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R version 17.0.0cu.557 B20221024 that allows for remote manipulation of the enable argument within the setSyslogCfg function located in the...
PT-2025-43917
Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R that could lead to a stack-based buffer overflow. The issue is located in the setOpModeCfg function within the /cgi-bin/cstecgi.cg file, specifically...
PT-2024-38117 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A vulnerability has been found in the affected software, classified as problematic. It affects an unknown functionality of the file /etc/shadow.sample, leading to the use of a...
CVE-2024-24328
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function...
PT-2024-20364 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the enable parameter in the setWiFiScheduleCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R...
PT-2024-19623 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the hostName parameter in the setWanCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...
PT-2023-30277 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: The issue concerns a command injection via the file name parameter in the UploadFirmwareFile function. Recommendations: For TOTOLINK A3300R version 17.0.0cu.557 B20221024, avoid usin...
PT-2023-25818 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was found in the setTracerouteCfg function via the command parameter. Recommendations: For version 17.0.0cu.557 B20221024, consider disabling the...
TOTOLINK A3300R 命令注入漏洞
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R v17.0.0cu.557, which originates from a failure of the setddnscfg function of the request /cgi-bin/cstecgi.cgi to correctly filter constructed command...
PT-2023-23439 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 Description: The issue concerns a Command Injection vulnerability. It can be exploited via the "/cgi-bin/cstecgi.cgi" API endpoint. Recommendations: For TOTOLINK A3300R version 17.0.0cu.557, as a temporary...