Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A3300r Firmware  >> 17.0.0cu.557_b20221024  Security Vulnerabilities
CVE-2024-23061
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVSS Score
9.8
EPSS Score
0.023
Published
2024-01-11
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2024-23057
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2024-23058
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVSS Score
9.8
EPSS Score
0.031
Published
2024-01-11
CVE-2023-46992
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-31
CVE-2023-46993
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
CVSS Score
9.8
EPSS Score
0.03
Published
2023-10-31
CVE-2023-46976
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
CVSS Score
9.8
EPSS Score
0.03
Published
2023-10-31
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVSS Score
9.8
EPSS Score
0.033
Published
2023-07-07
CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07
CVE-2023-37172
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2023-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved