PT-2023-25816 · Totolink · Totolink A3300R

Published: 2023-07-07 · Updated: 2023-07-13 · CVE-2023-37171

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK A3300R version 17.0.0cu.557 B20221024

Description

A command injection issue was found in the setPasswordCfg function via the admuser parameter.

Recommendations

For version 17.0.0cu.557 B20221024, consider disabling the setPasswordCfg function until a patch is available to prevent potential exploitation. Avoid using the admuser parameter in the affected function to minimize risk.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2023-37171

Affected Products

Totolink A3300R