Vulnerabilities > Totolink > A3300R Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2024-24333 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-22942 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23057 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23058 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23059 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23060 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23061 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-10-31 CVE-2023-46992 Unspecified vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control.
network
low complexity
totolink
7.5
2023-10-31 CVE-2023-46993 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
network
low complexity
totolink CWE-77
critical
9.8
2023-10-31 CVE-2023-46976 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
9.8