Skip to main content

A3300R Firmware CVE-2023-31729

CRITICAL
Command Injection (CWE-77)
2023-05-18 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2023 - 02:15 nvd
CRITICAL 9.8

DescriptionNVD

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

AnalysisAI

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. Affected products include: Totolink A3300R Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2024-24333 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc paramet

CVE-2024-24332 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url paramete

CVE-2024-24331 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable param

CVE-2024-24330 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enab

CVE-2024-24329 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable param

CVE-2024-24328 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable param

CVE-2024-24327 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass pa

CVE-2024-24326 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable pa

CVE-2024-24325 CRITICAL POC
9.8 Jan 30

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable param

CVE-2023-46993 CRITICAL POC
9.8 Oct 31

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable

CVE-2023-46976 CRITICAL POC
9.8 Oct 31

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFil

CVE-2023-37173 CRITICAL POC
9.8 Jul 07

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command para

Share

CVE-2023-31729 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy