CVE-2023-37173
https://notcve.org/view.php?id=CVE-2023-37173
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-37170
https://notcve.org/view.php?id=CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. • https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •