CVE-2026-5178

EUVD-2026-17309
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
totolinka3300r_firmware
17.0.0cu.557_b20221024:cu.557_b20221024
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_vlanPriLan3_cmd_inject
https://vuldb.com/submit/779147
https://vuldb.com/vuln/354246
https://vuldb.com/vuln/354246/cti
https://www.totolink.net/