CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37172
https://notcve.org/view.php?id=CVE-2023-37172
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37173
https://notcve.org/view.php?id=CVE-2023-37173
07 Jul 2023 — TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-31729
https://notcve.org/view.php?id=CVE-2023-31729
18 May 2023 — TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. • http://totolink.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •