AuroraHaaash/vul_report

Releases0

Vulnerability Reports

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46992 ↗	Oct 31, 2023Tuesday, 31 October 2023, 15:15	7.5 HIGH	—
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.
CVE-2023-46993 ↗	Oct 31, 2023Tuesday, 31 October 2023, 15:15	9.8 CRITICAL	—
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.