CVE-2026-5103

CWE-74CWE-77Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.2%
top 15.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A3300rTotolink A3300r Firmware
Timeline
PublishedMar 30

Description

A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a3300r17.0.0cu.557_b20221024
NVDtotolink/a3300r_firmware17.0.0cu.557_b20221024

🔴Vulnerability Details

2
GHSA
GHSA-fxg3-w9hm-vf88: A weakness has been identified in Totolink A3300R 172026-03-30
CVEList
Totolink A3300R cstecgi.cgi setUPnPCfg command injection2026-03-30
CVE-2026-5103 (MEDIUM CVSS 5.3) | A weakness has been identified in T | cvebase.io