Totolink A3300R cstecgi.cgi setStaticRoute command injection_CVE-2026-5104

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2026-5104

Source VulDB

Published Mar 30, 2026 at 02:00

Modified Apr 1, 2026 at 18:04

Affected Product

Vendor Totolink

Product A3300R

Version 17.0.0cu.557_b20221024

Affected Versions Totolink A3300R 17.0.0cu.557_b20221024

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.",
    "published": "2026-03-30T02:00:15.646Z",
    "modified": "2026-04-01T18:04:38.639Z",
    "type": "cve",
    "title": "Totolink A3300R cstecgi.cgi setStaticRoute command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354129\nhttps://vuldb.com/vuln/354129/cti\nhttps://vuldb.com/submit/779142\nhttps://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_ip_cmd_inject\nhttps://www.totolink.net/",
    "id": "CVE-2026-5104",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Totolink A3300R 17.0.0cu.557_b20221024",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A3300R",
    "version": "17.0.0cu.557_b20221024",
    "vendor": "Totolink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}