CVE-2026-5104 | Totolink A3300R 17.0.0cu.557_b20221024 /cgi-bin/cstecgi.cgi setStaticRoute ip command injection

Inserito da Angelo Barbosa | Mar 29, 2026 | CVE

A vulnerability described as critical has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection.

This vulnerability is listed as CVE-2026-5104. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-5104 | Totolink A3300R 17.0.0cu.557_b20221024 /cgi-bin/cstecgi.cgi setStaticRoute ip command injection

Post correlati

CVE-2025-4850 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

CVE-2023-6255 | Utarit Information Technologies SoliPay Mobile App up to 5.0.7 hard-coded credentials

CVE-2025-69238 | Raytha CMS up to 1.4.5 POST Request cross-site request forgery

CVE-2024-6864 | WP Last Modified Info Plugin up to 1.9.0 on WordPress Shortcode lmt-post-modified-Info cross site scripting