CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7331 – TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow
https://notcve.org/view.php?id=CVE-2024-7331
01 Aug 2024 — A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 1CVE-2024-7155 – TOTOLINK A3300R shadow.sample hard-coded password
https://notcve.org/view.php?id=CVE-2024-7155
28 Jul 2024 — A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md • CWE-259: Use of Hard-coded Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27521
https://notcve.org/view.php?id=CVE-2024-27521
26 Mar 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root"). Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de ej... • https://github.com/SpikeReply/advisories/blob/main/cve/totolink/cve-2024-27521.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24325
https://notcve.org/view.php?id=CVE-2024-24325
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setParentalRules. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24326
https://notcve.org/view.php?id=CVE-2024-24326
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro arpEnable en la función setStaticDhcpRules. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24327
https://notcve.org/view.php?id=CVE-2024-24327
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro pppoePass en la función setIpv6Cfg. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24328
https://notcve.org/view.php?id=CVE-2024-24328
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setMacFilterRules. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24329
https://notcve.org/view.php?id=CVE-2024-24329
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setPortForwardRules. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24330
https://notcve.org/view.php?id=CVE-2024-24330
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comando a través de los parámetros port o enable en la función setRemoteCfg. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2024-24331
https://notcve.org/view.php?id=CVE-2024-24331
30 Jan 2024 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setWiFiScheduleCfg. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •