CVE Vulnerabilities

CVE-2023-46992

Published: Oct 31, 2023 | Modified: Nov 08, 2023

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-46992
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages.

Affected Software

Name	Vendor	Start Version	End Version
A3300r_firmware	Totolink	17.0.0cu.557_b20221024 (including)	17.0.0cu.557_b20221024 (including)

References

https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.