CVE-2026-5103

CVSS v2.0

6.5

Medium

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024

Description A flaw exists in the Totolink A3300R device. The setUPnPCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through manipulation of the enable argument. This allows for remote execution of commands. The exploit for this issue has been publicly released.

Recommendations Apply a software update that addresses the issue in the setUPnPCfg function of the /cgi-bin/cstecgi.cgi file.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-5103

Affected Products

Totolink A3300R

CVE-2026-5103

Weakness Enumeration

Related Identifiers

Affected Products

References · 7