Totolink A3300R vulnerabilities

CVE-2026-5679 [MEDIUM] CWE-77 CVE-2026-5679: A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted e A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used.

CVE-2026-5178 [MEDIUM] CWE-74 CVE-2026-5178: A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by th A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2026-5177 [MEDIUM] CWE-74 CVE-2026-5177: A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerabi A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used

CVE-2026-5176 [MEDIUM] CWE-74 CVE-2026-5176: A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the funct A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-5103 [MEDIUM] CWE-74 CVE-2026-5103: A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the fun A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-5105 [MEDIUM] CWE-74 CVE-2026-5105: A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and

CVE-2026-5102 [MEDIUM] CWE-74 CVE-2026-5102: A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability af A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the publ

CVE-2026-5104 [MEDIUM] CWE-74 CVE-2026-5104: A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is th A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVE-2026-5101 [MEDIUM] CWE-74 CVE-2026-5101: A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVE-2025-12258 [HIGH] CWE-119 CVE-2025-12258: A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function set A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.

CVE-2025-12240 [HIGH] CWE-119 CVE-2025-12240: A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects t A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-12239 [HIGH] CWE-119 CVE-2025-12239: A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is th A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

CVE-2025-12241 [HIGH] CWE-119 CVE-2025-12241: A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function se A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVE-2025-12259 [HIGH] CWE-119 CVE-2025-12259: A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the functio A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and m

CVE-2025-12260 [HIGH] CWE-119 CVE-2025-12260: A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is th A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed

CVE-2024-7331 [HIGH] CWE-120 CVE-2024-7331: A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affe A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-

CVE-2024-7155 [LOW] CWE-259 CVE-2024-7155: A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problemat A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The expl