Filtered by vendor Totolink
Subscriptions
Filtered by product A3300r
Subscriptions
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55895 | 1 Totolink | 2 A3300r, N200re | 2025-12-16 | 9.1 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote). | ||||
| CVE-2025-55901 | 1 Totolink | 1 A3300r | 2025-12-15 | 6.5 Medium |
| TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter. | ||||
| CVE-2025-12241 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 8.8 High |
| A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-12258 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 8.8 High |
| A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote. | ||||
| CVE-2025-12259 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 8.8 High |
| A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12260 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 8.8 High |
| A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-12240 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 8.8 High |
| A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-12239 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 8.8 High |
| A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-52046 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-09-26 | 9.8 Critical |
| Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | ||||
| CVE-2024-23061 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | ||||
| CVE-2024-23060 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-17 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | ||||
| CVE-2024-24333 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | ||||
| CVE-2024-24329 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-12 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. | ||||
| CVE-2024-24330 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-09 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | ||||
| CVE-2024-23059 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | ||||
| CVE-2024-22942 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | ||||
| CVE-2024-24332 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-30 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | ||||
| CVE-2024-24331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-29 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | ||||
| CVE-2024-24327 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-29 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | ||||