Platform: other
Component: vuln-of-totolink_a3300r
Fixed in: 17.0.1
CVE-2026-5104 describes a Command Injection vulnerability discovered in the Totolink A3300R firmware. This flaw allows remote attackers to execute arbitrary commands on the device by manipulating the 'ip' argument passed to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability affects firmware version 17.0.0cu.557b20221024–17.0.0cu.557b20221024 and has been publicly disclosed.
Successful exploitation of CVE-2026-5104 grants an attacker complete control over the affected Totolink A3300R router. This includes the ability to modify system configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. The remote nature of the vulnerability significantly broadens the attack surface, as no local access is required. Given the router's role as a network gateway, a compromised device can be used to launch attacks against internal resources or exfiltrate sensitive data. The public disclosure of this vulnerability increases the likelihood of exploitation by malicious actors.
CVE-2026-5104 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV, and there is no EPSS score available. Public proof-of-concept exploits are likely to emerge given the ease of exploitation and public disclosure. The vulnerability was published on 2026-03-30.
Exploit Status
EPSS: 2.16% (84th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5104 is to upgrade the Totolink A3300R firmware to a patched version. Unfortunately, a fixed version is not yet available. As a temporary workaround, implement a Web Application Firewall (WAF) or proxy to filter requests to /cgi-bin/cstecgi.cgi, specifically blocking any requests containing suspicious characters or patterns in the 'ip' parameter. Carefully review and restrict access to the /cgi-bin/cstecgi.cgi endpoint. After implementing these mitigations, verify their effectiveness by attempting to trigger the command injection vulnerability with a controlled payload.
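As an added example (not code from the original page or from Totolink), here is the allow-list check a defender can run over the access logs of the WAF or proxy placed in front of the router: instead of blocking "suspicious characters", it flags every request to /cgi-bin/cstecgi.cgi whose URL-decoded 'ip' parameter is not a plain IPv4 address, so encoded separators such as %3B or %0A are caught as well. It assumes the parameter is visible in the query string of common-format log lines; the log lines and addresses are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = """\
192.168.1.50 - - [30/Mar/2026:10:00:01 +0000] "GET /cgi-bin/cstecgi.cgi?ip=192.168.1.1 HTTP/1.1" 200 512
192.168.1.51 - - [30/Mar/2026:10:00:02 +0000] "GET /cgi-bin/cstecgi.cgi?ip=192.168.1.1%3Bls HTTP/1.1" 200 12
192.168.1.52 - - [30/Mar/2026:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048
192.168.1.53 - - [30/Mar/2026:10:00:04 +0000] "GET /cgi-bin/cstecgi.cgi?ip=192.168.1.1%0Aid HTTP/1.1" 200 12
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)
VULN_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory


def is_strict_ipv4(value: str) -> bool:
    """Allow-list check: the value must be exactly one dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:  # covers AddressValueError; anything extra (';', newline, ...) fails
        return False
    return True


def flag_requests(log_text: str) -> list[dict]:
    """Return one record per request to the vulnerable endpoint whose 'ip'
    parameter is not a plain IPv4 address after URL-decoding."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        # parse_qs URL-decodes, so %3B / %0A become ';' / '\n' before the check.
        for value in parse_qs(parts.query).get("ip", []):
            if not is_strict_ipv4(value):
                findings.append({"src": m.group("src"), "ts": m.group("ts"), "ip_param": value})
    return findings


if __name__ == "__main__":
    for f in flag_requests(SAMPLE_LOG):
        print(f"ALERT {f['ts']} from {f['src']}: ip={f['ip_param']!r}")
```

Parameters sent in a request body do not appear in standard access logs, so the same allow-list must also be enforced in the proxy rule itself, not only in log review.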
Update the firmware of your Totolink A3300R router to a version later than 17.0.0cu.557_b20221024 to correct the command injection vulnerability. Refer to the vendor's website for the latest firmware version and update instructions.
CVE-2026-5104 is a Command Injection vulnerability affecting Totolink A3300R firmware, allowing remote attackers to execute commands by manipulating the 'ip' argument in /cgi-bin/cstecgi.cgi.
You are affected if you are using Totolink A3300R firmware version 17.0.0cu.557b20221024–17.0.0cu.557b20221024 and have not applied a patch or implemented mitigations.
Upgrade the firmware to a patched version (currently unavailable). As a workaround, implement a WAF or proxy to filter requests to /cgi-bin/cstecgi.cgi.
While active exploitation is not confirmed, the public disclosure of the vulnerability increases the likelihood of exploitation by malicious actors.
Refer to the Totolink security advisory page for updates and official information regarding CVE-2026-5104.