CVE-2026-5178

Name of the Vulnerable Software and Affected Versions Totolink A3300R version 17.0.0cu.557 b20221024

Description A security issue exists in Totolink A3300R 17.0.0cu.557 b20221024. The setIptvCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through manipulation of the vlanPriLan3 argument. Remote exploitation is possible. The exploit has been publicly disclosed.

Recommendations Apply a software update that addresses the vulnerability in the setIptvCfg function. As a temporary workaround, restrict access to the /cgi-bin/cstecgi.cgi file. Avoid using the vlanPriLan3 parameter in the affected API endpoint until the issue is resolved.