Platform
other
Component
vuln-of-totolink_a3300r
Fixed in
17.0.1
A critical Command Injection vulnerability (CVE-2026-5176) has been identified in the Totolink A3300R firmware. This flaw allows attackers to remotely execute arbitrary commands on the device by manipulating the setSyslogCfg argument within the /cgi-bin/cstecgi.cgi file. The vulnerability impacts firmware version 17.0.0cu.557b20221024–17.0.0cu.557b20221024, and a public exploit is already available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-5176 grants an attacker complete control over the affected Totolink A3300R router. This includes the ability to modify system configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's role as a network gateway, a compromise could lead to widespread data breaches and disruption of services. The availability of a public exploit significantly lowers the barrier to entry for malicious actors, making this a high-priority vulnerability to address. The potential for lateral movement within the network is substantial, as the attacker can leverage the compromised router to scan and exploit other vulnerable systems.
CVE-2026-5176 is considered a high-risk vulnerability due to the public availability of an exploit. While an EPSS score is not yet assigned, the public exploit suggests a high probability of exploitation. The vulnerability was publicly disclosed on March 31, 2026. Monitor security advisories and threat intelligence feeds for any indications of active campaigns targeting this vulnerability. The ease of exploitation makes it a likely target for both opportunistic attackers and more sophisticated threat actors.
Exploit Status
EPSS
4.86% (90% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5176 is to update the Totolink A3300R firmware to a patched version. Unfortunately, a fixed version is not yet available. As an immediate workaround, implement strict input validation on the setSyslogCfg parameter within the /cgi-bin/cstecgi.cgi file. This can be achieved through a Web Application Firewall (WAF) or proxy server configured to block suspicious input patterns. Additionally, consider disabling the syslog functionality if it is not essential. Monitor network traffic for unusual activity and implement intrusion detection systems (IDS) to identify potential exploitation attempts. After implementing any mitigation, verify its effectiveness by attempting to trigger the vulnerability with a controlled payload.
Update the Totolink A3300R router firmware to a version later than 17.0.0cu.557_b20221024 provided by the manufacturer to correct the command injection (command injection) vulnerability. Refer to the Totolink website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5176 is a Command Injection vulnerability in the Totolink A3300R firmware, allowing remote command execution. It affects version 17.0.0cu.557_b20221024 and has a CVSS score of 7.3 (HIGH).
You are affected if you are using Totolink A3300R firmware version 17.0.0cu.557b20221024–17.0.0cu.557b20221024. Check your router's firmware version immediately.
A patch is not yet available. Implement input validation via WAF/proxy or disable syslog as a temporary workaround. Monitor for exploitation attempts.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Refer to the Totolink security advisory page for updates and official announcements regarding CVE-2026-5176.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.