Totolink A3300R Firmware vulnerabilities

43 known vulnerabilities affecting totolink/a3300r_firmware.

Total CVEs: 43
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 24, HIGH 9, MEDIUM 9, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2024-24327 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24327 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
nvd
CVE-2024-24331 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24331 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
nvd
CVE-2024-24329 | CRITICAL | CVSS 9.8 | PoC | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24329 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
nvd
CVE-2024-24326 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24326 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
nvd
CVE-2024-24325 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24325 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
nvd
CVE-2024-24330 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24330 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
nvd
CVE-2024-24333 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24333 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
nvd
CVE-2024-24332 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24332 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
nvd
CVE-2024-24328 | CRITICAL | CVSS 9.8 | PoC | v17.0.0cu.557_b20221024 | 2024-01-30
CVE-2024-24328 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
nvd
CVE-2024-23061 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-23061 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
nvd
CVE-2024-23059 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-23059 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
nvd
CVE-2024-22942 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-22942 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
nvd
CVE-2024-23058 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-23058 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
nvd
CVE-2024-23060 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-23060 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
nvd
CVE-2024-23057 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2024-01-11
CVE-2024-23057 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
nvd
CVE-2023-46976 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2023-10-31
CVE-2023-46976 [CRITICAL] CWE-77: TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
nvd
CVE-2023-46993 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2023-10-31
CVE-2023-46993 [CRITICAL] CWE-77: In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
nvd
CVE-2023-46992 | HIGH | CVSS 7.5 | v17.0.0cu.557_b20221024 | 2023-10-31
CVE-2023-46992 [HIGH] CWE-863: TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
nvd
CVE-2023-37173 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2023-07-07
CVE-2023-37173 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
nvd
CVE-2023-37170 | CRITICAL | CVSS 9.8 | v17.0.0cu.557_b20221024 | 2023-07-07
CVE-2023-37170 [CRITICAL] CWE-78: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
nvd