UNKNOWNCVE-2026-5102
Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
Platform
other
Component
vul_db
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
How to fix
Actualice el firmware del router Totolink A3300R a una versión posterior a 17.0.0cu.557_b20221024 para mitigar la vulnerabilidad de inyección de comandos. Consulte el sitio web del proveedor para obtener la última versión del firmware y las instrucciones de actualización.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free