Totolink A3300R cstecgi.cgi setStaticRoute 命令注入

在 Totolink A3300R 路由器（版本 17.0.0cu.557_b20221024）中检测到一项关键安全漏洞。该漏洞存在于文件 '/cgi-bin/cstecgi.cgi' 中的 'setStaticRoute' 函数中。攻击者可以操纵 'ip' 参数，在设备上注入并执行任意命令，从而可能危及网络的安全性。该漏洞已公开披露，增加了被利用的风险。CVSS 评分是 6.3，表明中等到高度的风险。Totolink 未提供官方修复程序，因此需要采取替代的缓解措施。

Small and medium-sized businesses (SMBs) and home users relying on Totolink A3300R routers are at risk. Organizations with multiple routers deployed and limited security monitoring capabilities are particularly vulnerable. Shared hosting environments where routers are managed by the hosting provider also face increased risk.

• windows / supply-chain: Monitor PowerShell execution for suspicious commands related to network configuration or routing. Use Sysinternals tools like Process Monitor to observe network connections and file system activity on the router. • linux / server: Examine system logs (journalctl) for unusual process executions or network connections originating from /cgi-bin/cstecgi.cgi. Implement auditd rules to monitor access to this file. • generic web: Monitor web server access logs for requests to /cgi-bin/cstecgi.cgi with unusual parameters in the 'ip' field. Use curl to test for command injection by crafting malicious requests.

1. 2026-03-30Disclosure

   disclosure

1. 已保留2026-03-29
2. 发布日期2026-03-30
3. 修改日期2026-04-01
4. EPSS 更新日期2026-04-06

由于 Totolink 未为 CVE-2026-5104 提供修复程序（补丁），因此强烈建议立即采取预防措施。限制对路由器管理界面的访问的网络隔离至关重要。禁用对路由器配置的远程访问是一项基本步骤。监控网络流量以查找可疑活动有助于检测利用尝试。如果可行，请考虑升级到其他制造商的较新固件，作为长期选项。实施强大的防火墙并使其保持最新状态对于保护网络免受外部攻击至关重要。缺乏官方补丁需要积极的安全态势。