AI Score
Confidence: High
EPSS
Percentile: 98.5%
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
In TOTOLINK A3300R V17.0.0cu.557_B20221024, when handling a setLedCfg request, the enable parameter is not validated, which can lead to command injection.
[
  {
    "cpes": [
      "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*"
    ],
    "vendor": "totolink",
    "product": "a3300r_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "17.0.0cu.557_b20221024"
      }
    ],
    "defaultStatus": "unknown"
  }
]