CVSS: 10.0EPSS: 51%CPEs: 2EXPL: 1CVE-2023-46993
https://notcve.org/view.php?id=CVE-2023-46993
31 Oct 2023 — In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. En TOTOLINK A3300R V17.0.0cu.557_B20221024, cuando se trata de la solicitud setLedCfg, no hay verificación para el parámetro enable, lo que puede provocar la inyección de un comando. • https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37170
https://notcve.org/view.php?id=CVE-2023-37170
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37171
https://notcve.org/view.php?id=CVE-2023-37171
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37172
https://notcve.org/view.php?id=CVE-2023-37172
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37173
https://notcve.org/view.php?id=CVE-2023-37173
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-31729
https://notcve.org/view.php?id=CVE-2023-31729
18 May 2023 — TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •