cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-24328,https://securityvulnerability.io/vulnerability/CVE-2024-24328,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability exists in the TOTOLINK A3300R router, specifically within the setMacFilterRules function. By manipulating the enable parameter, an attacker may execute arbitrary commands, potentially leading to unauthorized access or control over the device. This flaw highlights significant security implications for network environments utilizing this product, urging immediate review and remedial action by affected users.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24326,https://securityvulnerability.io/vulnerability/CVE-2024-24326,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has a vulnerability that enables command injection through the arpEnable parameter within the setStaticDhcpRules function. This flaw can allow an attacker to execute arbitrary commands on the affected device, potentially compromising the security and integrity of the network. Users of the affected versions are strongly advised to review their security configurations and apply necessary updates to mitigate the risks associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24325,https://securityvulnerability.io/vulnerability/CVE-2024-24325,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability has been identified in the TOTOLINK A3300R router, specifically affecting version V17.0.0cu.557_B20221024. This vulnerability is exploited through the enable parameter in the setParentalRules function, allowing attackers to execute arbitrary commands on the affected device. This security flaw raises concerns for user data protection and integrity while managing parental control settings. Immediate attention and updates are recommended to mitigate potential exploitation.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24333,https://securityvulnerability.io/vulnerability/CVE-2024-24333,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified to have a command injection vulnerability that allows attackers to exploit the desc parameter within the setWiFiAclRules function. This vulnerability can lead to unauthorized command execution, potentially compromising the affected device's security and enabling attackers to manipulate network settings or gain unauthorized access. Securing devices against such vulnerabilities is critical to maintaining the integrity of home and office networking environments.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24332,https://securityvulnerability.io/vulnerability/CVE-2024-24332,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router is affected by a command injection vulnerability that arises from improper handling of the 'url' parameter in the setUrlFilterRules function. This flaw allows an attacker to execute arbitrary commands on the affected system. By crafting a malicious request, an unauthorized user could potentially manipulate the router's configuration or perform other unintended actions. It is critical for users of the TOTOLINK A3300R to apply the latest updates and follow security best practices to mitigate the risk associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24331,https://securityvulnerability.io/vulnerability/CVE-2024-24331,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router version V17.0.0cu.557_B20221024 is susceptible to a command injection vulnerability that can be exploited by manipulating the enable parameter within the setWiFiScheduleCfg function. Attackers leveraging this vulnerability can execute arbitrary commands on the affected device, posing significant risks to network security, data integrity, and overall device functionality. Proper security measures and timely updates are essential to mitigate potential threats associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24330,https://securityvulnerability.io/vulnerability/CVE-2024-24330,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified with a command injection issue that can be exploited via the 'port' or 'enable' parameters in the setRemoteCfg function. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising its security and gaining unauthorized access to the network. Users of the A3300R should be cautious and look for updates or patches that address this vulnerability to ensure their network remains secure.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24329,https://securityvulnerability.io/vulnerability/CVE-2024-24329,Command Injection Vulnerability in TOTOLINK A3300R Product,"A command injection vulnerability has been identified in the TOTOLINK A3300R product, specifically affecting version V17.0.0cu.557_B20221024. This vulnerability arises through the enable parameter within the setPortForwardRules function, allowing an attacker to exploit the system by passing arbitrary commands. As a result, unauthorized commands could be executed, leading to potential compromise of the device and its network environment. Users are advised to take precautionary measures and apply any available updates or patches to secure their systems.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-24327,https://securityvulnerability.io/vulnerability/CVE-2024-24327,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified to have a command injection vulnerability that arises from improper handling of the pppoePass parameter in the setIpv6Cfg function. This flaw permits attackers to inject and execute arbitrary commands on the affected device, potentially leading to unauthorized access and system compromise. It is crucial for users of the A3300R model to review their device configurations and apply any available security patches to mitigate this risk.",Totolink,A3300r Firmware,9.8,CRITICAL,0.0560000017285347,false,false,false,false,,false,false,2024-01-30T00:00:00.000Z,0
CVE-2024-23058,https://securityvulnerability.io/vulnerability/CVE-2024-23058,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified with a command injection vulnerability that occurs through the pass parameter in the setTr069Cfg function. This weakness allows attackers to execute arbitrary commands on the system, compromising its integrity and potentially gaining unauthorized access to sensitive information. Admins of affected versions should prioritize patching this vulnerability to mitigate risks associated with system exploitation.",Totolink,A3300r Firmware,9.8,CRITICAL,0.04032000154256821,false,false,false,false,,false,false,2024-01-11T00:00:00.000Z,0
CVE-2024-23057,https://securityvulnerability.io/vulnerability/CVE-2024-23057,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has a command injection vulnerability that allows an attacker to inject arbitrary commands through the tz parameter in the setNtpCfg function. This security flaw can potentially allow unauthorized access and manipulation of the device, leading to adverse effects on network integrity and privacy. Users of the A3300R firmware version V17.0.0cu.557_B20221024 should take measures to patch and secure their devices to mitigate potential risks associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.04032000154256821,false,false,false,false,,false,false,2024-01-11T00:00:00.000Z,0
CVE-2023-46976,https://securityvulnerability.io/vulnerability/CVE-2023-46976,,TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.,Totolink,A3300r Firmware,9.8,CRITICAL,0.5105699896812439,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-46993,https://securityvulnerability.io/vulnerability/CVE-2023-46993,,"In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.",Totolink,A3300r Firmware,9.8,CRITICAL,0.5105699896812439,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-46992,https://securityvulnerability.io/vulnerability/CVE-2023-46992,,TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.,Totolink,A3300r Firmware,7.5,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2023-10-31T00:00:00.000Z,0
CVE-2023-37173,https://securityvulnerability.io/vulnerability/CVE-2023-37173,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability has been identified in the TOTOLINK A3300R router, specifically in the setTracerouteCfg function. This vulnerability arises from improper handling of the command parameter, allowing an attacker to execute arbitrary commands on the device. Exploiting this vulnerability could lead to a complete compromise of the affected device, making it crucial for users to apply security patches and updates as they become available.",Totolink,A3300r Firmware,9.8,CRITICAL,0.009949999861419201,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37171,https://securityvulnerability.io/vulnerability/CVE-2023-37171,Command Injection Vulnerability in TOTOLINK A3300R Router,"TOTOLINK A3300R routers, specifically version V17.0.0cu.557_B20221024, have been identified with a command injection vulnerability. This issue arises through the admuser parameter in the setPasswordCfg function, potentially allowing attackers to execute arbitrary commands in the system. Ensuring timely patching and awareness of this vulnerability is crucial to maintaining network integrity and security.",Totolink,A3300r Firmware,9.8,CRITICAL,0.008969999849796295,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37172,https://securityvulnerability.io/vulnerability/CVE-2023-37172,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability exists in the TOTOLINK A3300R router, allowing an attacker to exploit the 'ip' parameter in the setDiagnosisCfg function. By sending crafted requests, an unauthorized user may execute arbitrary commands on the system, risking the integrity and availability of the device. This vulnerability highlights the critical need for robust input validation in network devices.",Totolink,A3300r Firmware,9.8,CRITICAL,0.008969999849796295,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-37170,https://securityvulnerability.io/vulnerability/CVE-2023-37170,,TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.,Totolink,A3300r Firmware,9.8,CRITICAL,0.0038399999029934406,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-31729,https://securityvulnerability.io/vulnerability/CVE-2023-31729,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router is impacted by a command injection vulnerability found in the /cgi-bin/cstecgi.cgi interface. An attacker can exploit this flaw by injecting arbitrary commands through crafted requests, leading to potential unauthorized access and manipulation of the device. Securing the affected firmware version is essential to safeguard network integrity.",Totolink,A3300r Firmware,9.8,CRITICAL,0.010409999638795853,false,false,false,false,,false,false,2023-05-18T02:15:00.000Z,0