Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-31160 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31164 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31165 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31171 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31172 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31174 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31175 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31176 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2025-55895 | 1 Totolink | 4 A3300r, A3300r Firmware, N200re and 1 more | 2025-12-17 | N/A | 9.1 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote). | |||||
| CVE-2025-55901 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-12-17 | N/A | 6.5 MEDIUM |
| TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter. | |||||
| CVE-2025-12241 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12258 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote. | |||||
| CVE-2025-12259 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12260 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-12239 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12240 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-52046 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-09-26 | N/A | 9.8 CRITICAL |
| Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | |||||
| CVE-2024-23061 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | |||||