Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A3300r  Security Vulnerabilities
CVE-2024-27521
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").
CVSS Score
8.0
EPSS Score
0.018
Published
2024-03-26
CVE-2024-24325
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVSS Score
9.8
EPSS Score
0.032
Published
2024-01-30
CVE-2024-24326
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-01-30
CVE-2024-24327
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-01-30
CVE-2024-24328
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVSS Score
9.8
EPSS Score
0.844
Published
2024-01-30
CVE-2024-24329
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
CVSS Score
9.8
EPSS Score
0.833
Published
2024-01-30
CVE-2024-24330
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVSS Score
9.8
EPSS Score
0.021
Published
2024-01-30
CVE-2024-24331
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVSS Score
9.8
EPSS Score
0.016
Published
2024-01-30
CVE-2024-24332
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVSS Score
9.8
EPSS Score
0.041
Published
2024-01-30
CVE-2024-24333
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVSS Score
9.8
EPSS Score
0.032
Published
2024-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved