CVE-2026-5103 | Totolink A3300R 17.0.0cu.557_b20221024 /cgi-bin/cstecgi.cgi setUPnPCfg enable command injection

Inserito da Angelo Barbosa | Mar 29, 2026 | CVE

A vulnerability marked as critical has been reported in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection.

This vulnerability is tracked as CVE-2026-5103. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-5103 | Totolink A3300R 17.0.0cu.557_b20221024 /cgi-bin/cstecgi.cgi setUPnPCfg enable command injection

Post correlati

CVE-2025-64134 | JDepend Plugin up to 1.3.1 on Jenkins XML Parser xml external entity reference

CVE-2024-46679 | Linux Kernel up to 6.10.7 ethtool __ethtool_get_link_ksettings state issue

CVE-2025-41043 | appRain CMF 4.0.5 manage data[AppReportCode][id]/data[AppReportCode][name] cross site scripting

CVE-2025-49840 | RVC-Boss GPT-SoVITS up to 20250228v3 inference_webui.py change_gpt_weights GPT_dropdown deserialization (GHSL-2025-049)