Totolink A3300r Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink A3300r Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (64)
CVE-2023-46976 — CVSS 9.8 (critical): TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
CVE-2023-46993 — CVSS 9.8 (critical): In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which…
CVE-2024-22942 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the…
CVE-2024-23057 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg…
CVE-2024-23058 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the…
CVE-2024-23059 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the…
CVE-2026-31170 — CVSS 9.8 (critical): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2024-23060 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg…
CVE-2024-23061 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the…
CVE-2024-24325 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the…
CVE-2026-31175 — CVSS 9.8 (critical): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2024-24326 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the…
CVE-2026-31177 — CVSS 9.8 (critical): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31178 — CVSS 9.8 (critical): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2024-24327 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the…
CVE-2026-31181 — CVSS 9.8 (critical): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2024-24328 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the…
CVE-2024-24329 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the…
CVE-2024-24330 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the…
CVE-2024-24331 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the…
CVE-2024-24332 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the…
CVE-2024-24333 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the…
CVE-2025-52046 — CVSS 9.8 (critical): Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and…
CVE-2023-37170 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang…
CVE-2023-37171 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the…
CVE-2023-37172 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the…
CVE-2023-37173 — CVSS 9.8 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the…
CVE-2025-55895 — CVSS 9.1 (critical): TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access…
CVE-2025-12258 — CVSS 8.8 (high): A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file…
CVE-2025-12259 — CVSS 8.8 (high): A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file…
CVE-2025-12260 — CVSS 8.8 (high): A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file…
CVE-2025-12240 — CVSS 8.8 (high): A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file…
CVE-2024-7331 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function…
CVE-2025-12239 — CVSS 8.8 (high): A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file…
CVE-2025-12241 — CVSS 8.8 (high): A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file…
CVE-2024-27521 — CVSS 8.0 (high): TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via…
CVE-2023-46992 — CVSS 7.5 (high): TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords…
CVE-2026-5176 — CVSS 7.3 (high): A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file…
CVE-2026-31172 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user…
CVE-2025-55901 — CVSS 6.5 (medium): TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.
CVE-2026-31159 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31160 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31162 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay…
CVE-2026-31163 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31164 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31165 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31166 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour…
CVE-2026-31167 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode…
CVE-2026-31168 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31169 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week…
CVE-2026-31171 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url…
CVE-2026-31173 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31174 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31176 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-31179 — CVSS 6.5 (medium): An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the…
CVE-2026-5178 — CVSS 6.3 (medium): A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of…
CVE-2026-5102 — CVSS 6.3 (medium): A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of…
CVE-2026-5103 — CVSS 6.3 (medium): A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file…
CVE-2026-5104 — CVSS 6.3 (medium): A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file…
CVE-2026-5105 — CVSS 6.3 (medium): A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file…
CVE-2026-5101 — CVSS 6.3 (medium): A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file…
CVE-2026-5177 — CVSS 6.3 (medium): A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of…
CVE-2024-7155 — CVSS 2.5 (low): A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is…