Vulnerabilities > Totolink > A3300R Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2024-23060 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23059 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23058 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-23057 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2024-01-11 CVE-2024-22942 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-10-31 CVE-2023-46993 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
network
low complexity
totolink CWE-77
critical
9.8
2023-10-31 CVE-2023-46976 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-77
critical
9.8
2023-07-07 CVE-2023-37173 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-07-07 CVE-2023-37172 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-07-07 CVE-2023-37171 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
network
low complexity
totolink CWE-78
critical
9.8