Totolink

A3300r Firmware

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-52046

Exploit
  • EPSS 69.94%
  • Published 17.07.2025 16:15:35
  • Last modified 26.09.2025 13:09:07

Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted...

8.8

CVE-2024-7331

Exploit
  • EPSS 0.2%
  • Published 01.08.2024 00:15:02
  • Last modified 01.08.2024 17:42:09

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow...

4.7

CVE-2024-7155

Exploit
  • EPSS 0.05%
  • Published 28.07.2024 10:15:03
  • Last modified 21.11.2024 09:50:57

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. I...

8

CVE-2024-27521

  • EPSS 1.77%
  • Published 26.03.2024 21:15:53
  • Last modified 08.04.2025 15:27:09

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control ...

9.8

CVE-2024-24333

Exploit
  • EPSS 2.74%
  • Published 30.01.2024 15:15:09
  • Last modified 12.06.2025 15:15:37

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.

9.8

CVE-2024-24332

Exploit
  • EPSS 2.74%
  • Published 30.01.2024 15:15:09
  • Last modified 30.05.2025 19:15:29

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.

9.8

CVE-2024-24331

Exploit
  • EPSS 1.58%
  • Published 30.01.2024 15:15:09
  • Last modified 29.05.2025 15:15:32

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.

9.8

CVE-2024-24330

Exploit
  • EPSS 1.58%
  • Published 30.01.2024 15:15:09
  • Last modified 09.06.2025 19:15:23

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.

9.8

CVE-2024-24329

Exploit
  • EPSS 83.29%
  • Published 30.01.2024 15:15:09
  • Last modified 12.06.2025 15:15:37

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

9.8

CVE-2024-24328

Exploit
  • EPSS 84.42%
  • Published 30.01.2024 15:15:09
  • Last modified 21.11.2024 08:59:10

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.