CVE-2026-5020

CWE-74CWE-77Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
1.6%
top 18.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A3600rTotolink A3600r Firmware
Timeline
PublishedMar 29

Description

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a3600r4.1.2cu.5182_B20201102
NVDtotolink/a3600r_firmware4.1.2cu.5182_b20201102

🔴Vulnerability Details

2
CVEList
Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection2026-03-29
GHSA
GHSA-98vg-cqgx-463p: A vulnerability was detected in Totolink A3600R 42026-03-29
CVE-2026-5020 (MEDIUM CVSS 5.3) | A vulnerability was detected in Tot | cvebase.io