CVE-2026-31160 | Totolink A3300R 17.0.0cu.557 /cgi-bin/cstecgi.cgi provider command injection

Inserito da Angelo Barbosa | Apr 23, 2026 | CVE

A vulnerability classified as critical has been found in Totolink A3300R 17.0.0cu.557. This affects an unknown function of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provider results in command injection.

This vulnerability is cataloged as CVE-2026-31160. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-31160 | Totolink A3300R 17.0.0cu.557 /cgi-bin/cstecgi.cgi provider command injection

Post correlati

CVE-2024-42060 | Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN up to 5.38 os command injection

CVE-2024-49780 | IBM OpenPages with Watson 8.3/9.0 HTTP Request file name path traversal

CVE-2025-57624 | CYRISMA Agent up to 443 uncontrolled search path

CVE-2024-9400 | Mozilla Firefox up to 128.2/130 JIT Compilation memory corruption