Vulnerabilities related to totolink - a3300r_firmware
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setPortForwardRules.", }, ], id: "CVE-2024-24329", lastModified: "2024-11-21T08:59:11.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.540", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro url en la función setUrlFilterRules.", }, ], id: "CVE-2024-24332", lastModified: "2024-11-21T08:59:11.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.693", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, 
], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-31 14:15
Modified
2024-11-21 08:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.", }, { lang: "es", value: "TOTOLINK A3300R 17.0.0cu.557_B20221024 contiene una inyección de comando a través del parámetro file_name en la función UploadFirmwareFile.", }, ], id: "CVE-2023-46976", lastModified: "2024-11-21T08:29:34.497", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-31T14:15:11.697", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setWiFiScheduleCfg.", }, ], id: "CVE-2024-24331", lastModified: "2024-11-21T08:59:11.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.643", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 20:15
Modified
2024-11-21 08:11
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.", }, ], id: "CVE-2023-37173", lastModified: "2024-11-21T08:11:08.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T20:15:10.740", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setParentalRules.", }, ], id: "CVE-2024-24325", lastModified: "2024-11-21T08:59:10.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.333", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro pppoePass en la función setIpv6Cfg.", }, ], id: "CVE-2024-24327", lastModified: "2024-11-21T08:59:10.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.430", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 20:15
Modified
2024-11-21 08:11
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.", }, ], id: "CVE-2023-37170", lastModified: "2024-11-21T08:11:07.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T20:15:10.613", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 20:15
Modified
2024-11-21 08:11
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.", }, ], id: "CVE-2023-37171", lastModified: "2024-11-21T08:11:07.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T20:15:10.660", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comando a través del parámetro pass en la función setTr069Cfg.", }, ], id: "CVE-2024-23058", lastModified: "2024-11-21T08:56:53.007", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-11T16:15:55.997", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro ip en la función setDmzCfg.", }, ], id: "CVE-2024-23060", lastModified: "2024-11-21T08:56:53.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-11T16:15:56.110", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: 
"Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-01 00:15
Modified
2024-08-01 17:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Source | URL | Tags | |
---|---|---|---|
cna@vuldb.com | https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md | Exploit, Technical Description, Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?ctiid.273254 | Permissions Required, VDB Entry | |
cna@vuldb.com | https://vuldb.com/?id.273254 | Permissions Required, VDB Entry | |
cna@vuldb.com | https://vuldb.com/?submit.378351 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en TOTOLINK A3300R 17.0.0cu.557_B20221024 y clasificada como crítica. La función UploadCustomModule del archivo /cgi-bin/cstecgi.cgi es afectada por esta vulnerabilidad. La manipulación del argumento File provoca un desbordamiento dl búfer. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-273254 es el identificador asignado a esta vulnerabilidad. 
NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.", }, ], id: "CVE-2024-7331", lastModified: "2024-08-01T17:42:09.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 8.7, baseSeverity: "HIGH", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: 
"NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-08-01T00:15:02.770", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.273254", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.273254", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.378351", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-18 02:15
Modified
2025-01-22 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557:*:*:*:*:*:*:*", matchCriteriaId: "0C69B7CF-BF5E-423E-ACA1-D46D6BF6D127", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.", }, ], id: "CVE-2023-31729", lastModified: "2025-01-22T15:15:09.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-18T02:15:12.380", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "http://totolink.com", }, { source: "cve@mitre.org", url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: 
"https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://totolink.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-31 15:15
Modified
2024-11-21 08:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.", }, { lang: "es", value: "En TOTOLINK A3300R V17.0.0cu.557_B20221024, cuando se trata de la solicitud setLedCfg, no hay verificación para el parámetro enable, lo que puede provocar la inyección de un comando.", }, ], id: "CVE-2023-46993", lastModified: "2024-11-21T08:29:36.500", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-31T15:15:09.830", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party 
Advisory", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comando a través de los parámetros port o enable en la función setRemoteCfg.", }, ], id: "CVE-2024-24330", lastModified: "2024-11-21T08:59:11.363", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.597", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 20:15
Modified
2024-11-21 08:11
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.", }, ], id: "CVE-2023-37172", lastModified: "2024-11-21T08:11:07.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T20:15:10.697", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comando a través del parámetro username en la función setDdnsCfg.", }, ], id: "CVE-2024-23059", lastModified: "2024-11-21T08:56:53.240", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-11T16:15:56.057", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro desc en la función setWiFiAclRules.", }, ], id: "CVE-2024-24333", lastModified: "2024-11-21T08:59:11.823", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-30T15:15:09.740", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro tz en la función setNtpCfg.", }, ], id: "CVE-2024-23057", lastModified: "2024-11-21T08:56:52.757", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-11T16:15:55.943", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-31 15:15
Modified
2024-11-21 08:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.", }, { lang: "es", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 es vulnerable a un control de acceso incorrecto. Los atacantes pueden restablecer varias contraseñas críticas sin autenticación visitando páginas específicas.", }, ], id: "CVE-2023-46992", lastModified: "2024-11-21T08:29:36.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-31T15:15:09.787", references: [ { source: "cve@mitre.org", tags: 
[ "Exploit", "Third Party Advisory", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Severity ?
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro de minute en la función setScheduleCfg.", }, ], id: "CVE-2024-23061", lastModified: "2024-11-21T08:56:53.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-11T16:15:56.157", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-28 10:15
Modified
2024-11-21 09:50
Severity ?
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Source | URL | Tags | |
---|---|---|---|
cna@vuldb.com | https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md | Exploit | |
cna@vuldb.com | https://vuldb.com/?ctiid.272569 | Permissions Required, Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?id.272569 | Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?submit.377465 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.272569 | Permissions Required, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.272569 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.377465 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en TOTOLINK A3300R 17.0.0cu.557_B20221024 y clasificada como problemática. Una función desconocida del archivo /etc/shadow.sample es afectada por esta vulnerabilidad. La manipulación conduce al uso de una contraseña codificada. Es posible lanzar el ataque al servidor local. La complejidad de un ataque es bastante alta. La explotación parece difícil. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-272569. 
NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.", }, ], id: "CVE-2024-7155", lastModified: "2024-11-21T09:50:57.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 1.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "LOCAL", availabilityRequirement: "NOT_DEFINED", baseScore: 2, baseSeverity: "LOW", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", 
modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-07-28T10:15:03.053", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.272569", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.272569", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?submit.377465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.272569", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://vuldb.com/?id.272569", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?submit.377465", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-259", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro arpEnable en la función setStaticDhcpRules.", }, ], id: "CVE-2024-24326", lastModified: "2024-11-21T08:59:10.643", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-30T15:15:09.380", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], 
url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-11 16:15
Modified
2024-11-21 08:56
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro hostName en la función setWanCfg.", }, ], id: "CVE-2024-22942", lastModified: "2024-11-21T08:56:50.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-11T16:15:55.857", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-30 15:15
Modified
2024-11-21 08:59
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
totolink | a3300r_firmware | 17.0.0cu.557_b20221024 | |
totolink | a3300r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", matchCriteriaId: "DD39B647-3419-4C6D-A6A2-30F40822A27D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", matchCriteriaId: "7F723A73-4B32-4F9E-B5DA-80134D4711C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.", }, { lang: "es", value: "Se descubrió que TOTOLINK A3300R V17.0.0cu.557_B20221024 contiene una vulnerabilidad de inyección de comandos a través del parámetro enable en la función setMacFilterRules.", }, ], id: "CVE-2024-24328", lastModified: "2024-11-21T08:59:10.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-30T15:15:09.487", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], 
url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2024-23057
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-30 19:15
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23057", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T19:13:33.879600Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T19:15:07.770Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], 
}, ], providerMetadata: { dateUpdated: "2024-01-11T16:00:40.217030", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-23057", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-08-30T19:15:07.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23061
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-01 22:51
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-11T16:02:07.961540", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-23061", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-08-01T22:51:11.293Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24330
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-01 23:19
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:52.479145", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24330", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-01T23:19:52.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7155
Vulnerability from cvelistv5
Published
2024-07-28 10:00
Modified
2024-08-01 21:52
Severity
2.0 (Low) - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
2.5 (Low) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
URL | Tags | |
---|---|---|
https://vuldb.com/?id.272569 | vdb-entry | |
https://vuldb.com/?ctiid.272569 | signature, permissions-required | |
https://vuldb.com/?submit.377465 | third-party-advisory | |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md | exploit |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7155", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T14:00:45.836405Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T14:01:56.724Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:30.711Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-272569 | TOTOLINK A3300R shadow.sample hard-coded password", tags: [ "vdb-entry", "x_transferred", ], url: "https://vuldb.com/?id.272569", }, { name: "VDB-272569 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.272569", }, { name: "Submit #377465 | TOTOLINK A3300R V17.0.0cu.557_B20221024 Use of Hard-coded Password", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.377465", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "A3300R", vendor: "TOTOLINK", versions: [ { status: "affected", version: "17.0.0cu.557_B20221024", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "yhryhryhr_tu (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. 
The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "de", value: "In TOTOLINK A3300R 17.0.0cu.557_B20221024 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /etc/shadow.sample. Dank der Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 2, baseSeverity: "LOW", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 1, vectorString: "AV:L/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-259", description: "CWE-259 Use of Hard-coded Password", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-28T10:00:06.076Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-272569 | TOTOLINK A3300R shadow.sample hard-coded password", tags: [ "vdb-entry", ], url: "https://vuldb.com/?id.272569", }, { name: "VDB-272569 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: 
"https://vuldb.com/?ctiid.272569", }, { name: "Submit #377465 | TOTOLINK A3300R V17.0.0cu.557_B20221024 Use of Hard-coded Password", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.377465", }, { tags: [ "exploit", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/shadow.md", }, ], timeline: [ { lang: "en", time: "2024-07-27T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-07-27T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-07-27T19:32:38.000Z", value: "VulDB entry last update", }, ], title: "TOTOLINK A3300R shadow.sample hard-coded password", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-7155", datePublished: "2024-07-28T10:00:06.076Z", dateReserved: "2024-07-27T17:27:17.368Z", dateUpdated: "2024-08-01T21:52:30.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37173
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-12 19:51
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:32.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3000ru", vendor: "totolink", versions: [ { status: "affected", version: "V17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37173", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:50:21.612454Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:51:22.910Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37173", datePublished: "2023-07-07T00:00:00", dateReserved: "2023-06-28T00:00:00", dateUpdated: "2024-11-12T19:51:22.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24332
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-01 23:19
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:53.769795", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24332", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-01T23:19:52.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23060
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-01 22:51
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-11T15:57:55.671679", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-23060", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-08-01T22:51:11.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7331
Vulnerability from cvelistv5
Published
2024-08-01 00:00
Modified
2024-08-01 14:18
Severity
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
URL | Tags |
---|---|
https://vuldb.com/?id.273254 | vdb-entry, technical-description |
https://vuldb.com/?ctiid.273254 | signature, permissions-required |
https://vuldb.com/?submit.378351 | third-party-advisory |
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md | exploit |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7331", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T13:23:49.717773Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T14:18:14.922Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "A3300R", vendor: "TOTOLINK", versions: [ { status: "affected", version: "17.0.0cu.557_B20221024", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "yhryhryhr_miemie (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.", }, { lang: "de", value: "Eine Schwachstelle wurde in TOTOLINK A3300R 17.0.0cu.557_B20221024 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. 
Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, { cvssV2_0: { baseScore: 9, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T00:00:06.525Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-273254 | TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.273254", }, { name: "VDB-273254 | CTI Indicators (IOB, IOC, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.273254", }, { name: "Submit #378351 | TOTOLINK A3300R V17.0.0cu.557_B20221024 Buffer Overflow", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.378351", }, { tags: [ "exploit", ], url: "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md", }, ], timeline: [ { lang: "en", time: "2024-07-31T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-07-31T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-07-31T14:35:35.000Z", value: "VulDB entry last update", }, ], title: "TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-7331", datePublished: "2024-08-01T00:00:06.525Z", 
dateReserved: "2024-07-31T12:30:07.820Z", dateUpdated: "2024-08-01T14:18:14.922Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46976
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-06 19:36
Summary
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-46976", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-06T19:35:32.646188Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-06T19:36:43.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2023-10-31T13:43:19.856313", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-46976", datePublished: "2023-10-31T00:00:00", dateReserved: "2023-10-30T00:00:00", dateUpdated: "2024-09-06T19:36:43.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-22942
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-01 22:51
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-11T16:05:09.991658", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-22942", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-08-01T22:51:11.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24333
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-11-12 21:24
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-24333", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-02T16:48:33.699563Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T21:24:36.937Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:54.977095", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24333", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-11-12T21:24:36.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31729
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2025-01-22 14:54
Summary
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:56:35.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://totolink.com", }, { tags: [ "x_transferred", ], url: "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { tags: [ "x_transferred", ], url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31729", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T14:54:22.056682Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T14:54:26.895Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.", }, ], problemTypes: [ { descriptions: [ { description: 
"n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-07T19:18:23.150126", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "http://totolink.com", }, { url: "https://github.com/D2y6p/CVE/blob/main/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, { url: "https://github.com/D2y6p/CVE/blob/2bac2c96e24229fa99e0254eaac1b8809e424b4b/Totolink/CVE-2023-31729/CVE-2023-31729.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31729", datePublished: "2023-05-18T00:00:00", dateReserved: "2023-04-29T00:00:00", dateUpdated: "2025-01-22T14:54:26.895Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23059
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-08-01 22:51
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-11T15:59:11.356799", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-23059", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-08-01T22:51:11.307Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24328
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-28 15:22
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-24328", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-01T17:05:10.413142Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-28T15:22:42.345Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", 
type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:51.018648", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24328", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-28T15:22:42.345Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37172
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-12 19:52
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:32.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3000ru", vendor: "totolink", versions: [ { status: "affected", version: "V17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37172", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:52:08.555067Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:52:47.141Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37172", datePublished: "2023-07-07T00:00:00", dateReserved: "2023-06-28T00:00:00", dateUpdated: "2024-11-12T19:52:47.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46993
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-06 19:57
Summary
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.184Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-46993", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-06T19:56:21.610101Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-06T19:57:52.942Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, 
], }, ], providerMetadata: { dateUpdated: "2023-10-31T14:07:04.889574", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-46993", datePublished: "2023-10-31T00:00:00", dateReserved: "2023-10-30T00:00:00", dateUpdated: "2024-09-06T19:57:52.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24329
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-10-18 14:07
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r", vendor: "totolink", versions: [ { status: "affected", version: "V17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-24329", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-30T16:46:03.546946Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T14:07:02.167Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:51.933658", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24329", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-10-18T14:07:02.167Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2024-24327
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-01 23:19
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:50.449797", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24327", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-01T23:19:52.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37170
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-12 19:54
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r", vendor: "totolink", versions: [ { status: "affected", version: "V17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37170", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:54:11.280232Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:54:46.026Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37170", datePublished: "2023-07-07T00:00:00", dateReserved: "2023-06-28T00:00:00", dateUpdated: "2024-11-12T19:54:46.026Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24326
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-29 18:08
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.149Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-24326", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-01T19:21:01.714723Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T18:08:35.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", 
type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:49.854363", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24326", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-29T18:08:35.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37171
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-12 19:53
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r", vendor: "totolink", versions: [ { status: "affected", version: "V17.0.0cu.557_B20221024", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37171", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T19:53:11.144158Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T19:53:47.609Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37171", datePublished: "2023-07-07T00:00:00", dateReserved: "2023-06-28T00:00:00", dateUpdated: "2024-11-12T19:53:47.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24331
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-01 23:19
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:53.100548", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24331", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-01T23:19:52.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46992
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-10-28 19:06
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.694Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-46992", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-06T19:53:59.028905Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T19:06:24.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. 
Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-31T14:02:22.722806", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-46992", datePublished: "2023-10-31T00:00:00", dateReserved: "2023-10-30T00:00:00", dateUpdated: "2024-10-28T19:06:24.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23058
Vulnerability from cvelistv5
Published
2024-01-11 00:00
Modified
2024-10-01 20:18
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "a3300r_firmware", vendor: "totolink", versions: [ { status: "affected", version: "17.0.0cu.557_b20221024", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23058", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T20:14:37.533543Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T20:18:03.993Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, 
], }, ], providerMetadata: { dateUpdated: "2024-01-11T16:03:21.626235", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-23058", datePublished: "2024-01-11T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-10-01T20:18:03.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24325
Vulnerability from cvelistv5
Published
2024-01-30 00:00
Modified
2024-08-01 23:19
Summary
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-30T14:44:48.915387", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-24325", datePublished: "2024-01-30T00:00:00", dateReserved: "2024-01-25T00:00:00", dateUpdated: "2024-08-01T23:19:52.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }