Svigo-o/TOTOLINK-Vul

GitHub

github.com

Releases0

Stars1

Vul of Totolink router device

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-31173 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31169 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31162 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31163 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31166 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31167 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31168 ↗	Apr 23, 2026Thursday, 23 April 2026, 19:17	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31181 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	9.8 CRITICAL	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31179 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31178 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	9.8 CRITICAL	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31175 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	9.8 CRITICAL	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31171 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31172 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31174 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31159 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31176 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31177 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	9.8 CRITICAL	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31165 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31164 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31160 ↗	Apr 23, 2026Thursday, 23 April 2026, 18:16	6.5 MEDIUM	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-31170 ↗	Apr 9, 2026Thursday, 9 April 2026, 19:16	9.8 CRITICAL	—
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi.
CVE-2026-5679 ↗	Apr 6, 2026Monday, 6 April 2026, 20:16	5.5 MEDIUM	5.2 MEDIUM
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used.