Lucene search

A3300R Firmware Security Vulnerabilities - 2023

cve

CVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

9.8CVSS

9.6AI Score

0.008EPSS

2023-05-18 02:15 AM

cve

CVE-2023-37170

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

9.8CVSS

9.9AI Score

0.003EPSS

2023-07-07 08:15 PM

111

cve

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

9.8CVSS

9.7AI Score

0.016EPSS

2023-07-07 08:15 PM

cve

CVE-2023-37172

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

9.8CVSS

9.7AI Score

0.016EPSS

2023-07-07 08:15 PM

107

cve

CVE-2023-37173

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

9.8CVSS

9.7AI Score

0.017EPSS

2023-07-07 08:15 PM

cve

CVE-2023-46976

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

9.8CVSS

9.6AI Score

0.869EPSS

2023-10-31 02:15 PM

cve

CVE-2023-46992

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.

7.5CVSS

7.7AI Score

0.002EPSS

2023-10-31 03:15 PM

cve

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

9.8CVSS

9.6AI Score

0.869EPSS

2023-10-31 03:15 PM