Search Results | AttackerKB

Show filters

Topics 24 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

24 Total Results

Displaying 11-20 of 24

Attacker Value

Unknown

CVE-2024-24325

Disclosure Date: January 30, 2024 (last updated February 01, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-23061

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-23060

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-23059

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-23058

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-23057

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2024-22942

Disclosure Date: January 11, 2024 (last updated January 19, 2024)

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2023-46993

Disclosure Date: October 31, 2023 (last updated November 09, 2023)

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2023-46992

Disclosure Date: October 31, 2023 (last updated November 09, 2023)

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2023-46976

Disclosure Date: October 31, 2023 (last updated November 08, 2023)

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

Attack Vector: Network Privileges: None User Interaction: None

0