Totolink

A3300r

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-55901

Exploit
  • EPSS 0.63%
  • Veröffentlicht 15.12.2025 17:15:53
  • Zuletzt bearbeitet 17.12.2025 19:20:33

TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.

9.1

CVE-2025-55895

Exploit
  • EPSS 0.12%
  • Veröffentlicht 15.12.2025 00:00:00
  • Zuletzt bearbeitet 17.12.2025 19:21:10

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).

8.8

CVE-2025-12260

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.10.2025 10:02:11
  • Zuletzt bearbeitet 28.10.2025 02:10:08

A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to st...

8.8

CVE-2025-12259

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.10.2025 10:02:08
  • Zuletzt bearbeitet 28.10.2025 02:10:25

A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-base...

8.8

CVE-2025-12258

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.10.2025 09:32:11
  • Zuletzt bearbeitet 28.10.2025 02:10:41

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buff...

8.8

CVE-2025-12241

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.10.2025 07:15:39
  • Zuletzt bearbeitet 28.10.2025 02:16:41

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based bu...

9.8

CVE-2025-12240

Exploit
  • EPSS 0.25%
  • Veröffentlicht 27.10.2025 06:32:14
  • Zuletzt bearbeitet 27.10.2025 17:58:43

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the a...

9.8

CVE-2025-12239

Exploit
  • EPSS 0.25%
  • Veröffentlicht 27.10.2025 06:32:10
  • Zuletzt bearbeitet 27.10.2025 18:00:52

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. T...

9.8

CVE-2025-52046

Exploit
  • EPSS 63.9%
  • Veröffentlicht 17.07.2025 16:15:35
  • Zuletzt bearbeitet 26.09.2025 13:09:07

Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted...