cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7331,https://securityvulnerability.io/vulnerability/CVE-2024-7331,Buffer Overflow Vulnerability in TOTOLINK A3300R,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A3300R router within the UploadCustomModule function located at /cgi-bin/cstecgi.cgi. This vulnerability stems from improper handling of input parameters, where the argument 'File' can be manipulated, allowing for remote code execution through a buffer overflow exploit. The flaw can be exploited without user authentication, putting affected devices at significant risk. The vendor has been notified about the issue but has yet to respond or provide a fix. Users of the affected versions are advised to take precautionary measures to secure their devices.",Totolink,A3300r,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-07-31T23:15:00.000Z,true,false,false,,2024-08-01T00:15:00.000Z,0
CVE-2024-7155,https://securityvulnerability.io/vulnerability/CVE-2024-7155,Hard-coded password vulnerability in TOTOLINK A3300R 17.0.0cu.557_B20221024 can lead to local host attack with high complexity and difficulty of exploitation.,A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-272569 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Totolink,A3300r,4.7,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-07-28T09:00:06.000Z,true,false,false,,2024-07-28T10:00:06.076Z,0
CVE-2024-24325,https://securityvulnerability.io/vulnerability/CVE-2024-24325,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability has been identified in the TOTOLINK A3300R router, specifically affecting version V17.0.0cu.557_B20221024. This vulnerability is exploited through the enable parameter in the setParentalRules function, allowing attackers to execute arbitrary commands on the affected device. This security flaw raises concerns for user data protection and integrity while managing parental control settings. Immediate attention and updates are recommended to mitigate potential exploitation.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24326,https://securityvulnerability.io/vulnerability/CVE-2024-24326,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has a vulnerability that enables command injection through the arpEnable parameter within the setStaticDhcpRules function. This flaw can allow an attacker to execute arbitrary commands on the affected device, potentially compromising the security and integrity of the network. Users of the affected versions are strongly advised to review their security configurations and apply necessary updates to mitigate the risks associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24327,https://securityvulnerability.io/vulnerability/CVE-2024-24327,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified to have a command injection vulnerability that arises from improper handling of the pppoePass parameter in the setIpv6Cfg function. This flaw permits attackers to inject and execute arbitrary commands on the affected device, potentially leading to unauthorized access and system compromise. It is crucial for users of the A3300R model to review their device configurations and apply any available security patches to mitigate this risk.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24328,https://securityvulnerability.io/vulnerability/CVE-2024-24328,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability exists in the TOTOLINK A3300R router, specifically within the setMacFilterRules function. By manipulating the enable parameter, an attacker may execute arbitrary commands, potentially leading to unauthorized access or control over the device. This flaw highlights significant security implications for network environments utilizing this product, urging immediate review and remedial action by affected users.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24329,https://securityvulnerability.io/vulnerability/CVE-2024-24329,Command Injection Vulnerability in TOTOLINK A3300R Product,"A command injection vulnerability has been identified in the TOTOLINK A3300R product, specifically affecting version V17.0.0cu.557_B20221024. This vulnerability arises through the enable parameter within the setPortForwardRules function, allowing an attacker to exploit the system by passing arbitrary commands. As a result, unauthorized commands could be executed, leading to potential compromise of the device and its network environment. Users are advised to take precautionary measures and apply any available updates or patches to secure their systems.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24330,https://securityvulnerability.io/vulnerability/CVE-2024-24330,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified with a command injection issue that can be exploited via the 'port' or 'enable' parameters in the setRemoteCfg function. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising its security and gaining unauthorized access to the network. Users of the A3300R should be cautious and look for updates or patches that address this vulnerability to ensure their network remains secure.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24331,https://securityvulnerability.io/vulnerability/CVE-2024-24331,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router version V17.0.0cu.557_B20221024 is susceptible to a command injection vulnerability that can be exploited by manipulating the enable parameter within the setWiFiScheduleCfg function. Attackers leveraging this vulnerability can execute arbitrary commands on the affected device, posing significant risks to network security, data integrity, and overall device functionality. Proper security measures and timely updates are essential to mitigate potential threats associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24332,https://securityvulnerability.io/vulnerability/CVE-2024-24332,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router is affected by a command injection vulnerability that arises from improper handling of the 'url' parameter in the setUrlFilterRules function. This flaw allows an attacker to execute arbitrary commands on the affected system. By crafting a malicious request, an unauthorized user could potentially manipulate the router's configuration or perform other unintended actions. It is critical for users of the TOTOLINK A3300R to apply the latest updates and follow security best practices to mitigate the risk associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-24333,https://securityvulnerability.io/vulnerability/CVE-2024-24333,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified to have a command injection vulnerability that allows attackers to exploit the desc parameter within the setWiFiAclRules function. This vulnerability can lead to unauthorized command execution, potentially compromising the affected device's security and enabling attackers to manipulate network settings or gain unauthorized access. Securing devices against such vulnerabilities is critical to maintaining the integrity of home and office networking environments.",Totolink,A3300r Firmware,9.8,CRITICAL,0.03135000169277191,false,,false,false,false,,,false,false,,2024-01-30T00:00:00.000Z,0
CVE-2024-23057,https://securityvulnerability.io/vulnerability/CVE-2024-23057,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has a command injection vulnerability that allows an attacker to inject arbitrary commands through the tz parameter in the setNtpCfg function. This security flaw can potentially allow unauthorized access and manipulation of the device, leading to adverse effects on network integrity and privacy. Users of the A3300R firmware version V17.0.0cu.557_B20221024 should take measures to patch and secure their devices to mitigate potential risks associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.02727999910712242,false,,false,false,false,,,false,false,,2024-01-11T00:00:00.000Z,0
CVE-2024-23058,https://securityvulnerability.io/vulnerability/CVE-2024-23058,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified with a command injection vulnerability that occurs through the pass parameter in the setTr069Cfg function. This weakness allows attackers to execute arbitrary commands on the system, compromising its integrity and potentially gaining unauthorized access to sensitive information. Admins of affected versions should prioritize patching this vulnerability to mitigate risks associated with system exploitation.",Totolink,A3300r Firmware,9.8,CRITICAL,0.02727999910712242,false,,false,false,false,,,false,false,,2024-01-11T00:00:00.000Z,0
CVE-2023-46992,https://securityvulnerability.io/vulnerability/CVE-2023-46992,Incorrect Access Control Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router version V17.0.0cu.557_B20221024 is exposed to an incorrect access control vulnerability. This flaw enables unauthorized attackers to reset several critical passwords by simply navigating to specific pages without requiring proper authentication, potentially compromising network security.",Totolink,A3300r Firmware,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-10-31T00:00:00.000Z,0
CVE-2023-46993,https://securityvulnerability.io/vulnerability/CVE-2023-46993,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router is susceptible to a command injection vulnerability when processing the setLedCfg request. This issue arises from the absence of proper verification for the enable parameter, which can allow attackers to execute arbitrary commands on the device. Exploiting this vulnerability could lead to unauthorized access and manipulation of the router, posing significant security risks to users. Mitigation measures should be taken to ensure that parameters are adequately validated before any processing.",Totolink,A3300r Firmware,9.8,CRITICAL,0.5105699896812439,false,,false,false,false,,,false,false,,2023-10-31T00:00:00.000Z,0
CVE-2023-46976,https://securityvulnerability.io/vulnerability/CVE-2023-46976,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router version 17.0.0cu.557_B20221024 is susceptible to a command injection vulnerability. This issue arises due to improper validation of the file_name parameter within the UploadFirmwareFile function. An attacker could exploit this flaw to execute arbitrary commands on the device, potentially leading to unauthorized access or manipulation of device settings. It is critical for users to apply security measures and updates to safeguard against exploitation.",Totolink,A3300r Firmware,9.8,CRITICAL,0.5105699896812439,false,,false,false,false,,,false,false,,2023-10-31T00:00:00.000Z,0
CVE-2023-37171,https://securityvulnerability.io/vulnerability/CVE-2023-37171,Command Injection Vulnerability in TOTOLINK A3300R Router,"TOTOLINK A3300R routers, specifically version V17.0.0cu.557_B20221024, have been identified with a command injection vulnerability. This issue arises through the admuser parameter in the setPasswordCfg function, potentially allowing attackers to execute arbitrary commands in the system. Ensuring timely patching and awareness of this vulnerability is crucial to maintaining network integrity and security.",Totolink,A3300r Firmware,9.8,CRITICAL,0.009929999709129333,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37170,https://securityvulnerability.io/vulnerability/CVE-2023-37170,Remote Code Execution Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router has been identified with a vulnerability allowing unauthenticated remote code execution through the lang parameter in the setLanguageCfg function. This flaw could potentially enable an attacker to execute arbitrary commands on the device, compromising the integrity of the network and exposing sensitive information. It is critical for users to apply the latest firmware updates and mitigate risks associated with this vulnerability.",Totolink,A3300r Firmware,9.8,CRITICAL,0.003869999898597598,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37172,https://securityvulnerability.io/vulnerability/CVE-2023-37172,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability exists in the TOTOLINK A3300R router, allowing an attacker to exploit the 'ip' parameter in the setDiagnosisCfg function. By sending crafted requests, an unauthorized user may execute arbitrary commands on the system, risking the integrity and availability of the device. This vulnerability highlights the critical need for robust input validation in network devices.",Totolink,A3300r Firmware,9.8,CRITICAL,0.009929999709129333,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-37173,https://securityvulnerability.io/vulnerability/CVE-2023-37173,Command Injection Vulnerability in TOTOLINK A3300R Router,"A command injection vulnerability has been identified in the TOTOLINK A3300R router, specifically in the setTracerouteCfg function. This vulnerability arises from improper handling of the command parameter, allowing an attacker to execute arbitrary commands on the device. Exploiting this vulnerability could lead to a complete compromise of the affected device, making it crucial for users to apply security patches and updates as they become available.",Totolink,A3300r Firmware,9.8,CRITICAL,0.011020000092685223,false,,false,false,false,,,false,false,,2023-07-07T00:00:00.000Z,0
CVE-2023-31729,https://securityvulnerability.io/vulnerability/CVE-2023-31729,Command Injection Vulnerability in TOTOLINK A3300R Router,"The TOTOLINK A3300R router is impacted by a command injection vulnerability found in the /cgi-bin/cstecgi.cgi interface. An attacker can exploit this flaw by injecting arbitrary commands through crafted requests, leading to potential unauthorized access and manipulation of the device. Securing the affected firmware version is essential to safeguard network integrity.",Totolink,A3300r Firmware,9.8,CRITICAL,0.010409999638795853,false,,false,false,false,,,false,false,,2023-05-18T02:15:00.000Z,0