Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A3300r Firmware  >> 17.0.0cu.557_b20221024  Security Vulnerabilities
CVE-2024-24332
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVSS Score
9.8
EPSS Score
0.027
Published
2024-01-30
CVE-2024-24333
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVSS Score
9.8
EPSS Score
0.027
Published
2024-01-30
CVE-2024-23059
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVSS Score
9.8
EPSS Score
0.023
Published
2024-01-11
CVE-2024-23060
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVSS Score
9.8
EPSS Score
0.023
Published
2024-01-11
CVE-2024-23061
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVSS Score
9.8
EPSS Score
0.023
Published
2024-01-11
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2024-23057
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2024-23058
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2023-46992
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-31
CVE-2023-46993
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
CVSS Score
9.8
EPSS Score
0.03
Published
2023-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved