CVE-2026-5178

MEDIUM

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 3/31/2026Modified: 4/6/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-5178 — A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022...

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2026-5178
NIST NVD

References (5)

https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_vlanPriLan3_cmd_injectExploitThird Party Advisoryhttps://vuldb.com/submit/779147Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354246Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354246/ctiPermissions RequiredVDB Entryhttps://www.totolink.net/Product