PT-2026-28756 · Totolink · Totolink A3300R

Ltzhuster2 · Published 2026-03-30 · Updated 2026-03-30 · CVE-2026-5102

CVSS v2.0: 6.5 (Medium), AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Totolink A3300R version 17.0.0cu.557 b20221024

Description

A security flaw exists in the Totolink A3300R router. This issue involves a command injection impacting the setSmartQosCfg function within the /cgi-bin/cstecgi.cgi file of the Parameter Handler component. The qos up bw argument can be manipulated to execute commands remotely. The exploit for this issue has been publicly released.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file.

Exploit

Fix

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-5102

Affected Products: Totolink A3300R