TOTOLINK A3300R hour parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R hour parameter, which originates from the cstecgi.cgi file failing to properly validate the hour parameter, and can be exploited by an attacker to execute...

EUVD-2026-25242

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34711

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31181

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

TOTOLINK A3300R 安全漏洞

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the url parameter of the setUrlFilterRules method failing to...

CVE-2023-46992

TOTOLINK A3300R V17.0.0cu.557B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages...

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection...