Svigo-O

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `ttlWay` parameter in the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `dhcpMtu` parameter sent to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `hour` parameter sent to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `mode` parameter to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `recHour` parameter sent to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `week` parameter sent to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ToToLink A3300R version 17.0.0cu.557 B20221024 **Description** An issue allows attackers to execute arbitrary commands via the `interval` parameter sent to the '/cgi-bin/cstecgi.cgi' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.