A3300r Firmware

a3300r_firmware

Vendor: Totolink • 64 CVEs

CVEs (64)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27521 1Totolink 1A3300r Firmware Apr 8, 2025 Mar 26, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an atta...Show more TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").Show less
CVE-2024-24333 1Totolink 1A3300r Firmware Jun 12, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
CVE-2024-24332 1Totolink 1A3300r Firmware May 30, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVE-2024-24331 1Totolink 1A3300r Firmware May 29, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
CVE-2024-24330 1Totolink 1A3300r Firmware Jun 9, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVE-2024-24329 1Totolink 1A3300r Firmware Jun 12, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
CVE-2024-24328 1Totolink 1A3300r Firmware Nov 21, 2024 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
CVE-2024-24327 1Totolink 1A3300r Firmware May 29, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
CVE-2024-24326 1Totolink 1A3300r Firmware Nov 21, 2024 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
CVE-2024-24325 1Totolink 1A3300r Firmware Jun 20, 2025 Jan 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
CVE-2024-23061 1Totolink 1A3300r Firmware Jun 20, 2025 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
CVE-2024-23060 1Totolink 1A3300r Firmware Jun 17, 2025 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVE-2024-23059 1Totolink 1A3300r Firmware Jun 3, 2025 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVE-2024-23058 1Totolink 1A3300r Firmware Nov 21, 2024 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
CVE-2024-23057 1Totolink 1A3300r Firmware Nov 21, 2024 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
CVE-2024-22942 1Totolink 1A3300r Firmware Jun 3, 2025 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
CVE-2023-46993 1Totolink 1A3300r Firmware Nov 21, 2024 Oct 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
CVE-2023-46992 1Totolink 1A3300r Firmware Nov 21, 2024 Oct 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.
CVE-2023-46976 1Totolink 1A3300r Firmware Nov 21, 2024 Oct 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
CVE-2023-37173 1Totolink 1A3300r Firmware Nov 21, 2024 Jul 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

Previous 1 234 Next