CVE-2026-31165 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi pppoeServiceName command injection

Inserito da Angelo Barbosa | Apr 23, 2026 | CVE

A vulnerability classified as critical was found in Totolink A3300R 17.0.0cu.557_B20221024. This impacts an unknown function of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument pppoeServiceName can lead to command injection.

This vulnerability is registered as CVE-2026-31165. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-31165 | Totolink A3300R 17.0.0cu.557_B20221024 /cgi-bin/cstecgi.cgi pppoeServiceName command injection

Post correlati

CVE-2024-20118 | MediaTek MT8792 Mms write-what-where condition (MSV-1621 / ALPS09062392)

CVE-2024-43318 | e2pdf Plugin up to 1.25.05 on WordPress cross site scripting

CVE-2023-51614 | D-Link DIR-X3260 prog.cgi SetQuickVPNSettings stack-based overflow

CVE-2024-26000 | Phoenix Contact CHARX SEC-3150 up to 1.5.0 MQTT Stack input validation (VDE-2024-011)