CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-37173
https://notcve.org/view.php?id=CVE-2023-37173
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37170
https://notcve.org/view.php?id=CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31729
https://notcve.org/view.php?id=CVE-2023-31729
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. • http://totolink.com https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •