CVE-2026-5176Injection in A3300r

CWE-74InjectionCWE-77Command Injection3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
2.0%
top 16.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A3300rTotolink A3300r Firmware
Timeline
PublishedMar 31

Description

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/a3300r17.0.0cu.557_b20221024
NVDtotolink/a3300r_firmware17.0.0cu.557_b20221024

🔴Vulnerability Details

2
CVEList
Totolink A3300R cstecgi.cgi setSyslogCfg command injection2026-03-31
GHSA
GHSA-j4j2-2vjx-c7hx: A security flaw has been discovered in Totolink A3300R 172026-03-31
CVE-2026-5176 — Injection in Totolink A3300r | cvebase