ReportizFlow
Filtered by vendor Totolink
Subscriptions
Filtered by product A3300r Firmware
Subscriptions
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31159 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31160 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31164 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31165 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31171 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31172 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31174 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31175 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31176 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-5679 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 5.5 Medium |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5176 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-07 | 7.3 High |
| A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5177 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-07 | 6.3 Medium |
| A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5178 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-07 | 6.3 Medium |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5104 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-01 | 6.3 Medium |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5101 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-5102 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5103 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5105 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-03-30 | 6.3 Medium |
| A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-12260 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-02-24 | 8.8 High |
| A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||