Platform
other
Component
vuln-of-totolink_a3300r
Fixed in
17.0.1
CVE-2026-5105 is a command injection vulnerability in the Totolink A3300R firmware, reachable through the pptpPassThru parameter of the /cgi-bin/cstecgi.cgi web management handler: the parameter value reaches a system command without adequate filtering, so an attacker who can submit it can run arbitrary commands on the device and take full control of it. The vulnerability affects firmware version 17.0.0cu.557_b20221024. A patch is expected, and interim mitigations are available.
Successful exploitation of CVE-2026-5105 lets an attacker inject and execute arbitrary commands on the Totolink A3300R router. That gives access to the router's configuration and traffic, allows data exfiltration, and opens the way to lateral movement: because the router is the network gateway, a compromised device can be used to pivot to and attack other systems on the internal network. The public availability of an exploit significantly increases the risk of immediate exploitation.
CVE-2026-5105 is publicly known and an exploit is already available, indicating a high likelihood of exploitation. While no specific campaigns have been publicly linked to this vulnerability, the ease of exploitation and public availability of the exploit make it a prime target for opportunistic attackers. The vulnerability was disclosed on 2026-03-30. It is not currently listed on CISA KEV.
Exploit Status
EPSS
2.16% (84th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5105 is to upgrade the Totolink A3300R firmware to a patched version as soon as it becomes available. Until then, the most effective interim measure is to limit who can reach the router's web management interface at all: the vulnerable handler is /cgi-bin/cstecgi.cgi, so anyone who can reach the admin interface can reach it. Keep remote (WAN-side) management disabled and expose the interface only to a trusted management network. Where the interface is fronted by a reverse proxy or Web Application Firewall (WAF), add rules that block requests to /cgi-bin/cstecgi.cgi whose pptpPassThru parameter contains shell metacharacters (semicolons, pipes, ampersands, backticks, redirects, or $( and ${ sequences) or anything other than the short values the setting normally takes; a WAF that does not sit in front of the admin interface provides no protection. Consumer routers rarely log command execution, so watch for the attack at the network edge instead: unexpected requests to the admin interface, and unexpected outbound connections originating from the router itself. After the upgrade, confirm the fix by sending a request that would previously have triggered the injection and verifying that the value is rejected rather than executed.
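As an added illustration of the filtering rule described above (example code written for this page, not a Totolink or vendor WAF rule): a Python request classifier that blocks requests to /cgi-bin/cstecgi.cgi whose pptpPassThru parameter carries shell metacharacters or an unexpected value. It assumes the parameter may arrive in the query string, a form-encoded body or a JSON body, and that legitimate values are short alphanumeric tokens; the sample requests and the probe value 1;id are constructed for the example and are not taken from the public exploit.

```python
"""Added example: request filter for the cstecgi.cgi / pptpPassThru pattern.

Illustrative code for this page, not Totolink firmware or a vendor rule.
Assumptions (not from the advisory): pptpPassThru may be sent in the query
string, a form-encoded body or a JSON object; a legitimate value is a short
alphanumeric token such as 0, 1, on or off.
"""
import json
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/cgi-bin/cstecgi.cgi"
VULN_PARAM = "pptpPassThru"

# Characters and sequences that let a value escape into a shell command:
# separators, pipes, redirects, backticks, $( / ${ substitution, newlines,
# and backslash (which can defeat quoting).
SHELL_META_RE = re.compile(r"[;&|`<>\n\r\\]|\$[({]")

# What the toggle is assumed to legitimately look like (assumption).
BENIGN_RE = re.compile(r"^[A-Za-z0-9]{1,8}$")


def extract_values(target, body="", content_type=""):
    """Collect every pptpPassThru value from the query string and the body.

    Returns (values, parse_error). Form-encoded and JSON bodies are handled;
    any other content type is treated as form-encoded (assumption: a real
    deployment would also need multipart handling).
    """
    values = list(parse_qs(urlsplit(target).query,
                           keep_blank_values=True).get(VULN_PARAM, []))
    if not body:
        return values, False
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            return values, True  # let the caller fail closed
        if isinstance(doc, dict) and VULN_PARAM in doc:
            values.append(str(doc[VULN_PARAM]))
    else:
        values.extend(parse_qs(body, keep_blank_values=True).get(VULN_PARAM, []))
    return values, False


def classify_request(method, target, body="", content_type=""):
    """Return (verdict, reason); verdict is 'allow' or 'block'."""
    if urlsplit(target).path != VULN_PATH:
        return "allow", "not the vulnerable endpoint"
    values, parse_error = extract_values(target, body, content_type)
    if parse_error:
        # Fail closed: an unparseable body aimed at the vulnerable handler
        # is more likely evasion than a legitimate admin action.
        return "block", "unparseable body sent to vulnerable endpoint"
    for v in values:
        if SHELL_META_RE.search(v):
            return "block", f"shell metacharacter in {VULN_PARAM}: {v!r}"
        if not BENIGN_RE.fullmatch(v):
            return "block", f"unexpected {VULN_PARAM} value: {v!r}"
    return "allow", f"no suspicious {VULN_PARAM} value"


# Constructed sample traffic: (label, method, target, body, content_type).
SAMPLE_REQUESTS = [
    ("benign toggle", "POST", VULN_PATH, "pptpPassThru=1",
     "application/x-www-form-urlencoded"),
    ("benign json", "POST", VULN_PATH, '{"pptpPassThru": "0"}', "application/json"),
    ("injection probe", "POST", VULN_PATH, "pptpPassThru=1;id",
     "application/x-www-form-urlencoded"),
    ("json subshell", "POST", VULN_PATH, '{"pptpPassThru": "1$(id)"}',
     "application/json"),
    ("query string", "GET", VULN_PATH + "?pptpPassThru=1%7Cid", "", ""),
    ("other endpoint", "GET", "/index.html?pptpPassThru=1;id", "", ""),
]


def audit(requests=SAMPLE_REQUESTS):
    """Run the classifier over a batch and return the labels that were blocked."""
    return [label for label, *req in requests
            if classify_request(*req)[0] == "block"]


if __name__ == "__main__":
    for label, *req in SAMPLE_REQUESTS:
        print(f"{label:16} -> {classify_request(*req)}")
```

The allow-list check (BENIGN_RE) does most of the work; the metacharacter check only exists to give a more specific reason in the log. Expect false positives if the real interface ever sends this parameter with a longer value, so review blocked requests before enforcing.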
Update the Totolink A3300R router firmware to a version later than 17.0.0cu.557_b20221024 provided by the manufacturer. Refer to the vendor's website for the latest firmware version and update instructions.
CVE-2026-5105 is a Command Injection vulnerability affecting Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024. It allows attackers to execute commands on the device remotely.
You are affected if you are using a Totolink A3300R router with firmware version 17.0.0cu.557_b20221024. Check your router's firmware version and upgrade if possible.
The recommended fix is to upgrade to a patched firmware version from Totolink. Until a patch is available, implement WAF rules to block malicious requests.
Yes, an exploit for CVE-2026-5105 is publicly available. No campaigns have been publicly linked to it, but a public exploit for an internet-facing router makes opportunistic exploitation likely.
Please refer to the Totolink website or security advisories for the official advisory regarding CVE-2026-5105.