Lvhw

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A security flaw exists in Totolink A3300R version 17.0.0cu.557 b20221024. A command injection can be triggered by manipulating the argument provided to the `setSyslogCfg` function within the `/cgi-bin/cstecgi.cgi` file. This attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Apply a software update that addresses the vulnerability in the `setSyslogCfg` function of the `/cgi-bin/cstecgi.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A flaw exists in the `setWiFiBasicCfg` function within the `/cgi-bin/cstecgi.cgi` file. Manipulation of the `rxRate` argument can result in command injection, potentially allowing for remote attacks. The exploit for this issue has been publicly released. **Recommendations** Apply a software update that addresses the vulnerability in the `setWiFiBasicCfg` function. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file. Avoid using the `rxRate` parameter in the `setWiFiBasicCfg` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A security issue exists in Totolink A3300R 17.0.0cu.557 b20221024. The `setIptvCfg` function within the `/cgi-bin/cstecgi.cgi` file is susceptible to command injection through manipulation of the `vlanPriLan3` argument. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** Apply a software update that addresses the vulnerability in the `setIptvCfg` function. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file. Avoid using the `vlanPriLan3` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A flaw exists in the Totolink A3300R device. The `setUPnPCfg` function within the `/cgi-bin/cstecgi.cgi` file is susceptible to command injection through manipulation of the `enable` argument. This allows for remote execution of commands. The exploit for this issue has been publicly released. **Recommendations** Apply a software update that addresses the issue in the `setUPnPCfg` function of the `/cgi-bin/cstecgi.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A security issue exists in Totolink A3300R version 17.0.0cu.557 b20221024. The `setStaticRoute` function within the `/cgi-bin/cstecgi.cgi` file is susceptible to command injection through manipulation of the `ip` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Apply a newer version of the software that addresses this vulnerability. As a temporary workaround, consider restricting access to the `/cgi-bin/cstecgi.cgi` file.

**Name of the Vulnerable Software and Affected Versions** Totolink A3300R version 17.0.0cu.557 b20221024 **Description** A flaw exists in the Totolink A3300R that allows for command injection. The issue is located in the `setVpnPassCfg` function within the `/cgi-bin/cstecgi.cgi` file of the Parameter Handler component. Manipulation of the `pptpPassThru` argument can lead to unauthorized command execution remotely. The exploit is publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability.