Note:
This project will be discontinued after December 13, 2021. [more]
Product:
A3300r_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-30 | CVE-2024-24331 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | A3300r_firmware | 9.8 | ||
| 2023-05-18 | CVE-2023-31729 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | A3300r_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37170 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | A3300r_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37171 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | A3300r_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37172 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | A3300r_firmware | 9.8 | ||
| 2023-07-07 | CVE-2023-37173 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | A3300r_firmware | 9.8 | ||
| 2023-10-31 | CVE-2023-46976 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | A3300r_firmware | 9.8 | ||
| 2023-10-31 | CVE-2023-46992 | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. | A3300r_firmware | 7.5 | ||
| 2023-10-31 | CVE-2023-46993 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | A3300r_firmware | 9.8 | ||
| 2024-01-11 | CVE-2024-23057 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | A3300r_firmware | 9.8 |