ID

VAR-202307-0443


CVE

CVE-2023-37171


TITLE

OS command injection vulnerability in TOTOLINK a3300r firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-019267

DESCRIPTION

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. An OS command injection vulnerability exists in the TOTOLINK a3300r firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK A3300R is a dual-band wireless router manufactured by China-based TOTOLINK Electronics, primarily designed for home and small network environments. This vulnerability stems from the admuser parameter in the setPasswordCfg method failing to properly sanitize special characters and commands in constructed commands. Detailed vulnerability details are currently unavailable.

Trust: 2.25

sources: NVD: CVE-2023-37171 // JVNDB: JVNDB-2023-019267 // CNVD: CNVD-2025-21049 // VULMON: CVE-2023-37171

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21049

AFFECTED PRODUCTS

vendor: totolink, model: a3300r, scope: eq, version: 17.0.0cu.557_b20221024

Trust: 1.0

vendor: totolink, model: a3300r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3300r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3300r, scope: eq, version: a3300r firmware 17.0.0cu.557 b20221024

Trust: 0.8

vendor: totolink, model: a3300r v17.0.0cu.557 b20221024, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-21049 // JVNDB: JVNDB-2023-019267 // NVD: CVE-2023-37171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-37171
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-37171
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-21049
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202307-513
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2025-21049
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-37171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-37171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21049 // CNNVD: CNNVD-202307-513 // JVNDB: JVNDB-2023-019267 // NVD: CVE-2023-37171

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-019267 // NVD: CVE-2023-37171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-513

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202307-513

PATCH

title: Patch for TOTOLINK A3300R setPasswordCfg method command injection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/729696

Trust: 0.6

title: TOTOLINK A3300R Fixes for operating system command injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246048

Trust: 0.6

sources: CNVD: CNVD-2025-21049 // CNNVD: CNNVD-202307-513

EXTERNAL IDS

db: NVD, id: CVE-2023-37171

Trust: 3.9

db: JVNDB, id: JVNDB-2023-019267

Trust: 0.8

db: CNVD, id: CNVD-2025-21049

Trust: 0.6

db: CNNVD, id: CNNVD-202307-513

Trust: 0.6

db: VULMON, id: CVE-2023-37171

Trust: 0.1

sources: CNVD: CNVD-2025-21049 // VULMON: CVE-2023-37171 // CNNVD: CNNVD-202307-513 // JVNDB: JVNDB-2023-019267 // NVD: CVE-2023-37171

REFERENCES

url:https://github.com/kafroc/vuls/tree/main/totolink/a3300r/cmdi_2

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-37171

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-37171/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-21049 // VULMON: CVE-2023-37171 // CNNVD: CNNVD-202307-513 // JVNDB: JVNDB-2023-019267 // NVD: CVE-2023-37171

SOURCES

db: CNVD, id: CNVD-2025-21049
db: VULMON, id: CVE-2023-37171
db: CNNVD, id: CNNVD-202307-513
db: JVNDB, id: JVNDB-2023-019267
db: NVD, id: CVE-2023-37171

LAST UPDATE DATE

2025-09-12T23:41:38.642000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-21049, date: 2025-09-11T00:00:00
db: VULMON, id: CVE-2023-37171, date: 2023-07-08T00:00:00
db: CNNVD, id: CNNVD-202307-513, date: 2023-07-14T00:00:00
db: JVNDB, id: JVNDB-2023-019267, date: 2024-01-12T08:05:00
db: NVD, id: CVE-2023-37171, date: 2023-07-13T17:32:03.063

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-21049, date: 2025-09-08T00:00:00
db: VULMON, id: CVE-2023-37171, date: 2023-07-07T00:00:00
db: CNNVD, id: CNNVD-202307-513, date: 2023-07-07T00:00:00
db: JVNDB, id: JVNDB-2023-019267, date: 2024-01-12T00:00:00
db: NVD, id: CVE-2023-37171, date: 2023-07-07T20:15:10.660