Incorrect Access Control Vulnerability in TOTOLINK A3300R Router
CVE-2023-46992

7.5HIGH

Key Information:

Vendor: Totolink
Status: A3300r Firmware
Vendor: CVE Published:; 31 October 2023

Summary

The TOTOLINK A3300R router version V17.0.0cu.557_B20221024 is exposed to an incorrect access control vulnerability. This flaw enables unauthorized attackers to reset several critical passwords by simply navigating to specific pages without requiring proper authentication, potentially compromising network security.

References

https://github.com/AuroraHaaash/vul_report/blob/main/TOTO...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Oct 30, 2023