A3300R
Monthly
OS command injection in Totolink A3300R firmware version 17.0.0cu.557_B20221024 allows authenticated local attackers to execute arbitrary commands via the stun_pass parameter in the vsetTr069Cfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 5.1 (medium severity) with CVSS:4.0/AV:A/AC:L/PR:L vector indicating adjacent network access and low authentication requirements. Publicly available exploit code exists, though active exploitation status (CISA KEV) is not confirmed.
Command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the vlanPriLan3 parameter in the setIptvCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a publicly available exploit and carries moderate severity (CVSS 6.3) with confirmed exploitability signals (EPSS P/E indicator). Successful exploitation grants an authenticated attacker the ability to manipulate VLAN priority settings and potentially gain code execution on the affected router.
Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the rxRate parameter in the setWiFiBasicCfg function at /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 with publicly available exploit code, making it a moderate-priority issue for affected device administrators despite requiring prior authentication.
Command injection in Totolink A3300R router firmware 17.0.0cu.557_b20221024 allows unauthenticated remote attackers to execute arbitrary system commands via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS vector (AV:N/AC:L/PR:N) confirms network-accessible exploitation with low complexity and no authentication required, enabling pre-authentication remote code execution on affected routers.
Command injection in Totolink A3300R firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the pptpPassThru parameter in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with network-accessible attack vector and low complexity; publicly available exploit code exists, making this an actionable threat for affected deployments.
Command injection in Totolink A3300R router firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via a crafted ip parameter in the setStaticRoute function of /cgi-bin/cstecgi.cgi. The vulnerability carries a CVSS score of 6.3 (medium severity) with public exploit code available, enabling potential compromise of router configuration and data integrity.
Remote command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the enable parameter in the setUPnPCfg function at /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability has a CVSS score of 6.3 with confirmed proof-of-concept demonstrated on GitHub.
Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary system commands via the qos_up_bw parameter in the setSmartQosCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with low attack complexity, and publicly available exploit code exists, though no active exploitation via CISA KEV has been confirmed at time of analysis.
Command injection in Totolink A3300R firmware versions up to 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the lanIp parameter in the setLanCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists for this vulnerability. With a CVSS score of 5.3 and moderate real-world exploitability, this presents a meaningful risk to affected router installations.
OS command injection in Totolink A3300R firmware version 17.0.0cu.557_B20221024 allows authenticated local attackers to execute arbitrary commands via the stun_pass parameter in the vsetTr069Cfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 5.1 (medium severity) with CVSS:4.0/AV:A/AC:L/PR:L vector indicating adjacent network access and low authentication requirements. Publicly available exploit code exists, though active exploitation status (CISA KEV) is not confirmed.
Command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the vlanPriLan3 parameter in the setIptvCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a publicly available exploit and carries moderate severity (CVSS 6.3) with confirmed exploitability signals (EPSS P/E indicator). Successful exploitation grants an authenticated attacker the ability to manipulate VLAN priority settings and potentially gain code execution on the affected router.
Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the rxRate parameter in the setWiFiBasicCfg function at /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 with publicly available exploit code, making it a moderate-priority issue for affected device administrators despite requiring prior authentication.
Command injection in Totolink A3300R router firmware 17.0.0cu.557_b20221024 allows unauthenticated remote attackers to execute arbitrary system commands via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. The CVSS vector (AV:N/AC:L/PR:N) confirms network-accessible exploitation with low complexity and no authentication required, enabling pre-authentication remote code execution on affected routers.
Command injection in Totolink A3300R firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via manipulation of the pptpPassThru parameter in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with network-accessible attack vector and low complexity; publicly available exploit code exists, making this an actionable threat for affected deployments.
Command injection in Totolink A3300R router firmware version 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via a crafted ip parameter in the setStaticRoute function of /cgi-bin/cstecgi.cgi. The vulnerability carries a CVSS score of 6.3 (medium severity) with public exploit code available, enabling potential compromise of router configuration and data integrity.
Remote command injection in Totolink A3300R firmware 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the enable parameter in the setUPnPCfg function at /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the vulnerability has a CVSS score of 6.3 with confirmed proof-of-concept demonstrated on GitHub.
Command injection in Totolink A3300R 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary system commands via the qos_up_bw parameter in the setSmartQosCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with low attack complexity, and publicly available exploit code exists, though no active exploitation via CISA KEV has been confirmed at time of analysis.
Command injection in Totolink A3300R firmware versions up to 17.0.0cu.557_b20221024 allows authenticated remote attackers to execute arbitrary commands via the lanIp parameter in the setLanCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists for this vulnerability. With a CVSS score of 5.3 and moderate real-world exploitability, this presents a meaningful risk to affected router installations.