CVE-2026-5101
CVE-2026-5101 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Manipulating the argument lanIp leads to command injection. The attack can be carried out remotely. The exploit is publicly available and might be used.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A3300r Firmware | 17.0.0cu.557_b20221024 |
References
- https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md (Exploit, Third Party Advisory)
- https://vuldb.com/submit/779128 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/354126 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/354126/cti (Third Party Advisory, VDB Entry)
- https://www.totolink.net/ (Product)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
