CVE-2026-5020

MEDIUM

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 3/29/2026Modified: 3/30/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-5020 — A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected...

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

CVE-2026-5020
NIST NVD

References (5)

https://lavender-bicycle-a5a.notion.site/TOTOLINK_A3600R_setNoticeCfg-32253a41781f80c197eaf8e7558c5ed1?source=copy_linkExploitThird Party Advisoryhttps://vuldb.com/submit/779536Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/353905Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/353905/ctiPermissions RequiredVDB Entryhttps://www.totolink.net/Product