Funny-Mud-Peee

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3300R version 17.0.0cu.557 B20221024 **Description** A command injection issue was discovered via the `url` parameter in the `setUrlFilterRules` function. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For TOTOLINK A3300R version 17.0.0cu.557 B20221024, consider disabling the `setUrlFilterRules` function until a patch is available to prevent command injection via the `url` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3300R version 17.0.0cu.557 B20221024 **Description** A command injection issue was discovered via the `desc` parameter in the `setWiFiAclRules` function. This allows for potential command injection attacks. **Recommendations** For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider restricting access to the `setWiFiAclRules` function until a patch is available. Avoid using the `desc` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.