Lucene search

Totolink A3300r Firmware 17.0.0cu.557 b20221024

25 matches found

CVE | added 2024/01/30 3:15 p.m. | 164 views

CVE-2024-24329

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

9.8 CVSS | 9.7 AI score | 0.83293 EPSS

CVE | added 2024/01/30 3:15 p.m. | 151 views

CVE-2024-24325

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.

9.8 CVSS | 9.7 AI score | 0.03546 EPSS

CVE | added 2024/01/30 3:15 p.m. | 146 views

CVE-2024-24326

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.

9.8 CVSS | 9.7 AI score | 0.01454 EPSS

CVE | added 2024/01/30 3:15 p.m. | 145 views

CVE-2024-24328

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

9.8 CVSS | 9.7 AI score | 0.84416 EPSS

CVE | added 2024/01/30 3:15 p.m. | 145 views

CVE-2024-24332

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.

9.8 CVSS | 9.7 AI score | 0.02742 EPSS

CVE | added 2024/01/30 3:15 p.m. | 143 views

CVE-2024-24331

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.

9.8 CVSS | 9.7 AI score | 0.01579 EPSS

CVE | added 2023/07/07 8:15 p.m. | 129 views

CVE-2023-37172

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

9.8 CVSS | 9.7 AI score | 0.01454 EPSS

CVE | added 2023/07/07 8:15 p.m. | 127 views

CVE-2023-37170

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.

9.8 CVSS | 9.9 AI score | 0.03254 EPSS

CVE | added 2024/01/11 4:15 p.m. | 50 views

CVE-2024-23058

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

9.8 CVSS | 9.8 AI score | 0.0313 EPSS

CVE | added 2024/03/26 9:15 p.m. | 47 views

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows una...

8 CVSS | 8.9 AI score | 0.01811 EPSS

CVE | added 2024/08/01 12:15 a.m. | 47 views

CVE-2024-7331

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploi...

9 CVSS | 8.8 AI score | 0.01334 EPSS

CVE | added 2023/10/31 3:15 p.m. | 44 views

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

9.8 CVSS | 9.6 AI score | 0.02985 EPSS

CVE | added 2024/01/30 3:15 p.m. | 43 views

CVE-2024-24333

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.

9.8 CVSS | 9.7 AI score | 0.02742 EPSS

CVE | added 2023/10/31 2:15 p.m. | 41 views

CVE-2023-46976

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

9.8 CVSS | 9.6 AI score | 0.02985 EPSS

CVE | added 2024/01/30 3:15 p.m. | 41 views

CVE-2024-24327

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.

9.8 CVSS | 9.7 AI score | 0.01454 EPSS

CVE | added 2024/01/30 3:15 p.m. | 41 views

CVE-2024-24330

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.

9.8 CVSS | 9.7 AI score | 0.01579 EPSS

CVE | added 2024/01/11 4:15 p.m. | 39 views

CVE-2024-22942

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.

9.8 CVSS | 9.7 AI score | 0.0313 EPSS

CVE | added 2024/01/11 4:15 p.m. | 39 views

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.

9.8 CVSS | 9.7 AI score | 0.02304 EPSS

CVE | added 2024/01/11 4:15 p.m. | 39 views

CVE-2024-23060

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.

9.8 CVSS | 9.7 AI score | 0.02304 EPSS

CVE | added 2024/01/11 4:15 p.m. | 38 views

CVE-2024-23057

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

9.8 CVSS | 9.7 AI score | 0.0313 EPSS

CVE | added 2024/07/28 10:15 a.m. | 38 views

CVE-2024-7155

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local h...

4.7 CVSS | 3.6 AI score | 0.00039 EPSS

CVE | added 2023/07/07 8:15 p.m. | 36 views

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

9.8 CVSS | 9.7 AI score | 0.01454 EPSS

CVE | added 2024/01/11 4:15 p.m. | 36 views

CVE-2024-23061

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

9.8 CVSS | 9.7 AI score | 0.02304 EPSS

CVE | added 2023/10/31 3:15 p.m. | 32 views

CVE-2023-46992

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.

7.5 CVSS | 7.7 AI score | 0.00144 EPSS

CVE | added 2023/07/07 8:15 p.m. | 31 views

CVE-2023-37173

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

9.8 CVSS | 9.7 AI score | 0.01579 EPSS