Vulnerabilities > Totolink > A3300R Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-07 CVE-2023-37170 OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2023-05-18 CVE-2023-31729 Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-77
critical
9.8