CVE-2023-46993

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024

Description The issue arises when handling the setLedCfg request, where there is no verification for the enable parameter. This lack of verification can lead to command injection.

Recommendations For TOTOLINK A3300R version 17.0.0cu.557 B20221024, as a temporary workaround, consider disabling the setLedCfg request until a patch is available. Restrict access to the enable parameter in the setLedCfg request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.