CVE-2026-5104

MEDIUM

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 3/30/2026Modified: 3/30/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-5104 — A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022...

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVE-2026-5104
NIST NVD

References (5)

https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_ip_cmd_injectExploitThird Party Advisoryhttps://vuldb.com/submit/779142Permissions RequiredVDB Entryhttps://vuldb.com/vuln/354129Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354129/ctiThird Party AdvisoryVDB Entryhttps://www.totolink.net/Product