CVE-2026-5101

Опубликовано: 29 мар. 2026

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Ссылки

https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_39/README.md
Exploit
Third Party Advisory
https://vuldb.com/submit/779128
VDB Entry
Third Party Advisory
https://vuldb.com/vuln/354126
Third Party Advisory
VDB Entry
https://vuldb.com/vuln/354126/cti
Third Party Advisory
VDB Entry
https://www.totolink.net/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*

cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02947

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-78

Связанные уязвимости

GHSA-452m-gc7f-x9g5

CVSS3: 6.3

github

9 дней назад

EPSS

Процентиль: 86%

0.02947

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-78