CVE-2026-5679 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi vsetTr069Cfg stun_pass os command injection

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection.

This vulnerability is referenced as CVE-2026-5679. The attack needs to be initiated within the local network. Furthermore, an exploit is available.

CVE-2026-5679 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi vsetTr069Cfg stun_pass os command injection

Post correlati

CVE-2024-42905 | Beijing Digital China Cloud Technology DCME-320 7.4.12.60 ping.php getVar Privilege Escalation

CVE-2024-26817 | Linux Kernel up to 6.8.5 amdkfd kzalloc integer overflow

CVE-2025-25050 | Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write (dsa-2025-053)

CVE-2024-9029 | Freeimage tiff_read_iptc_profile heap-based overflow