CVE-2023-31729

Published: May 18, 2023Modified: Jan 22, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

Affected (1)

Products: Totolink: A3300r Firmware

1 product

A3300r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3300r Firmware	Version 17.0.0cu.557

Running on/with	Platform Versions
Totolink A3300r	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (7)

http://totolink.com

Source: cve@mitre.org

Product

https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md

Source: cve@mitre.org

https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md

Source: cve@mitre.org

Broken Link

http://totolink.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.