6 matches found
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31173
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected. A flaw in /cgi-bin/cstecgi.cgi allows execution of arbitrary commands via the interval parameter. CVSS 3.1: Network attack, Privileges Required NONE, User Interaction NONE, Impact Confidentiality and Integrity LOW, Availability NONE; b...
CVE-2026-31177
The CVE-2026-31177 entry affects ToToLink A3300R firmware (example: v17.0.0cu.557_B20221024). The root cause is an input handling flaw in the stunMinAlive parameter passed to /cgi-bin/cstecgi.cgi, enabling an attacker to execute arbitrary commands. Impact is high (remote, unauthenticated network ...
CVE-2024-23059
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...
CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...