{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5101", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-29T17:50:43.221Z", "datePublished": "2026-03-29T23:00:15.592Z", "dateUpdated": "2026-03-30T14:52:01.775Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-29T23:00:15.592Z"}, "title": "Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Totolink", "product": "A3300R", "versions": [{"version": "17.0.0cu.557_b20221024", "status": "affected"}], "cpes": ["cpe:2.3:o:totolink:a3300r_firmware:*:*:*:*:*:*:*:*"], "modules": ["Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-29T19:56:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LtzHuster2 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354126", "name": "VDB-354126 | Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354126/cti", "name": "VDB-354126 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/779128", "name": "Submit #779128 | Totolink A3300R 17.0.0cu.557_b20221024 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T12:59:47.134999Z", "id": "CVE-2026-5101", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T14:52:01.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection", "credits": [{"lang": "en", "type": "reporter", "value": "LtzHuster2 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:totolink:a3300r_firmware:*:*:*:*:*:*:*:*"], "vendor": "Totolink", "modules": ["Parameter Handler"], "product": "A3300R", "versions": [{"status": "affected", "version": "17.0.0cu.557_b20221024"}]}], "timeline": [{"lang": "en", "time": "2026-03-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-29T19:56:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354126", "name": "VDB-354126 | Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354126/cti", "name": "VDB-354126 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/779128", "name": "Submit #779128 | Totolink A3300R 17.0.0cu.557_b20221024 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-29T23:00:15.592Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5101", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T12:59:47.134999Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-30T13:13:58.210Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5101", "state": "PUBLISHED", "dateUpdated": "2026-03-29T23:00:15.592Z", "dateReserved": "2026-03-29T17:50:43.221Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-29T23:00:15.592Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}], "id": "CVE-2026-5101", "lastModified": "2026-03-30T15:45:51.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-29T23:16:48.597", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md"}, {"source": "cna@vuldb.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "https://vuldb.com/submit/779128"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/354126"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/354126/cti"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.totolink.net/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.0.0cu.557_b20221024"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "A3300R", "source": "cna", "vendor": "Totolink"}, "product": "a3300r", "vendor": "totolink"}], "analysis": {"en": {"generated_at": "2026-03-30T05:22:46.305470+00:00", "value": {"mitigation_remediation": ["Update to the latest Totolink firmware that removes the command injection in setLanCfg.", "If no patch exists, block or disable /cgi-bin/cstecgi.cgi on the router via firewall rules or by restricting web\u2011GUI access to the local network only.", "Further limit the administrative interface to trusted IP addresses or protect it behind a VPN.", "Replace default administrative credentials with strong, unique passwords and enable the router\u2019s firewall features to drop suspicious requests.", "Monitor device logs for unexpected changes to the lanIp parameter or attempts to execute system commands."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024 are affected. The issue resides in the Parameter Handler component exposed via the web interface.", "description_and_impact": "The vulnerability arises from the setLanCfg function in /cgi-bin/cstecgi.cgi, where an attacker can inject arbitrary commands through the lanIp parameter. This results in remote code execution on the router, allowing full control of the device. The weakness corresponds to command injection (CWE\u201177) and parameter injection (CWE\u201174).", "risk_and_exploitability": "The CVSS base score of 5.3 indicates moderate severity, but remote exploitation is possible from any network location. An attacker can trigger the injection via a crafted HTTP request to the setLanCfg endpoint, and publicly available exploits exist, increasing the risk. Since EPSS is not available and the vulnerability is not listed in KEV, its exploit probability cannot be quantified, yet the presence of an online exploit suggests a real threat to exposed devices."}}}}, "created": "2026-03-30T07:03:51.138913+00:00", "updated": "2026-03-30T07:59:09.965901+00:00", "vendors": ["totolink", "totolink$PRODUCT$a3300r"]}