CVE-2026-5101

MediumPublic PoC

Published: 29 March 2026

Published

29 March 2026

Modified

30 March 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0362 87.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The…

exploit is publicly available and might be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by validating the lanIp parameter in the setLanCfg function to block malicious input.

SI-2 Flaw Remediation good match

prevent

Mitigates the vulnerability through timely flaw remediation by patching the affected Totolink A3300R firmware.

SI-4 System Monitoring partial match

detect

Enables detection of command injection attempts via monitoring for anomalous network connections and privileged events on the router.

Security SummaryAI

CVE-2026-5101 is a command injection vulnerability affecting the Totolink A3300R router on firmware version 17.0.0cu.557_b20221024. The issue resides in the setLanCfg function of the /cgi-bin/cstecgi.cgi file within the Parameter Handler component, where manipulation of the lanIp argument triggers command injection. Published on 2026-03-29, it is associated with CWEs-74, CWE-77, and CWE-78, and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Exploitation enables arbitrary command execution, potentially leading to low impacts on confidentiality, integrity, and availability, such as limited data access, modification, or disruption on the affected device. A public exploit is available, increasing the risk of widespread use.

Advisories referenced in VULDB entries (vuln/354126 and related CTI) document the vulnerability details and submission, while a GitHub repository provides exploit code and a README. The Totolink vendor website is listed for potential firmware updates or mitigation guidance. Security practitioners should verify patches directly from these sources.

Details

CWE(s): CWE-74 CWE-77 CWE-78

Affected Products

totolink

a3300r firmware

17.0.0cu.557_b20221024

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Command injection in public-facing web CGI interface (setLanCfg via lanIp) enables exploitation of public-facing application (T1190) and arbitrary Unix shell command execution on the router (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/779128
VDB Entry, Third Party Advisory · cna@vuldb.com
https://vuldb.com/vuln/354126
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/354126/cti
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.totolink.net/
Product · cna@vuldb.com