CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46992
https://notcve.org/view.php?id=CVE-2023-46992
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages. TOTOLINK A3300R V17.0.0cu.557_B20221024 es vulnerable a un control de acceso incorrecto. Los atacantes pueden restablecer varias contraseñas críticas sin autenticación visitando páginas específicas. • https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 72%CPEs: 2EXPL: 1CVE-2023-46976
https://notcve.org/view.php?id=CVE-2023-46976
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. TOTOLINK A3300R 17.0.0cu.557_B20221024 contiene una inyección de comando a través del parámetro file_name en la función UploadFirmwareFile. • https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 72%CPEs: 2EXPL: 1CVE-2023-46993
https://notcve.org/view.php?id=CVE-2023-46993
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. En TOTOLINK A3300R V17.0.0cu.557_B20221024, cuando se trata de la solicitud setLedCfg, no hay verificación para el parámetro enable, lo que puede provocar la inyección de un comando. • https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37171
https://notcve.org/view.php?id=CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37172
https://notcve.org/view.php?id=CVE-2023-37172
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •