Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31160
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31164
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31165
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31171
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31172
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-31175
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-23
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-23
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to the identity provider but does not check that the caller may administer that realm. This could result in a privilege escalation to `master` realm administrator if the attacker controls any user in `master` realm. Version 1.22.1 fixes the issue.
CVSS Score
7.0
EPSS Score
0.0
Published
2026-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved