Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-31160
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31164
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31165
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31171
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31172
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31175
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-04-23
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-04-23
CVE-2026-31177
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-04-23
CVE-2026-41240
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The same fix was not applied to FORBID_TAGS. At line 1118-1123, when EXTRA_ELEMENT_HANDLING.tagCheck returns true, the short-circuit evaluation skips the FORBID_TAGS check entirely. This allows forbidden elements to survive sanitization with their attributes intact. Version 3.4.0 patches the issue.
CVSS Score
6.0
EPSS Score
0.0
Published
2026-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved