Totolink A3300R cstecgi.cgi setSyslogCfg command injection_CVE-2026-5176

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-5176

Source VulDB

Published Mar 31, 2026 at 01:15

Modified Mar 31, 2026 at 15:33

Affected Product

Vendor Totolink

Product A3300R

Version 17.0.0cu.557_b20221024

Affected Versions Totolink A3300R 17.0.0cu.557_b20221024

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-03-31T01:15:13.970Z",
    "modified": "2026-03-31T15:33:16.783Z",
    "type": "cve",
    "title": "Totolink A3300R cstecgi.cgi setSyslogCfg command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354244\nhttps://vuldb.com/vuln/354244/cti\nhttps://vuldb.com/submit/779145\nhttps://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_rtLogServer_cmd_inject\nhttps://www.totolink.net/",
    "id": "CVE-2026-5176",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Totolink A3300R 17.0.0cu.557_b20221024",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A3300R",
    "version": "17.0.0cu.557_b20221024",
    "vendor": "Totolink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}