5 matches found
Command injection
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function...
PT-2024-19650 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the username parameter in the setDdnsCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...
Command injection
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...
CVE-2023-31729
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi...
CVE-2023-31729
TOTOLINK A3300R v17.0.0cu.557 is affected by a Command Injection vulnerability in /cgi-bin/cstecgi.cgi. The CNVD entry attributes the issue to a failure to properly filter constructed command characters, enabling arbitrary command execution. Impact is rated CRITICAL (network vector, no authentica...