CVE-2026-5178
Received Received - Intake
Command Injection in Totolink A3300R setIptvCfg CGI Function

Publication date: 2026-03-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5178
EUVD
EUVD-2026-17309
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a3300r_firmware 17.0.0cu.557_b20221024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The CVE-2026-5178 vulnerability allows remote attackers to execute arbitrary commands on the affected TOTOLINK A3300R router due to command injection in the vlanPriLan3 parameter. This type of vulnerability can lead to unauthorized access, data breaches, or manipulation of network traffic, which may compromise the confidentiality, integrity, and availability of data.

Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive data against unauthorized access and ensure the security of network devices. Exploitation of this vulnerability could result in violations of these regulations due to potential data exposure or disruption of services.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable router's management interface to trusted networks only, such as internal LAN or VPN, to prevent remote exploitation.

Additionally, monitor and block suspicious HTTP POST requests to /cgi-bin/cstecgi.cgi that contain the vlanPriLan3 parameter with unexpected values.

If possible, apply any available firmware updates or patches from the vendor that address this vulnerability.

As a temporary workaround, disabling or restricting the affected CGI function or the shttpd service may reduce exposure.

Executive Summary

CVE-2026-5178 is a command injection vulnerability in the TOTOLINK A3300R router, version 17.0.0cu.557_b20221024. It occurs in the function setIptvCfg within the /cgi-bin/cstecgi.cgi file, specifically involving the parameter vlanPriLan3.

The vulnerability arises because the vlanPriLan3 parameter is not properly sanitized before being passed to a system command execution function. This allows an attacker to craft a malicious HTTP POST request that injects arbitrary operating system commands, which the router then executes.

In technical terms, the parameter value is passed to a function that formats it into a buffer and then executes it using execv(), enabling remote code execution on the device.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the affected router without user interaction.

An attacker could leverage this to take control of the device, potentially leading to unauthorized access to the network, interception or manipulation of network traffic, or using the device as a foothold for further attacks.

Because the exploit is publicly disclosed, the risk of exploitation is higher, increasing the urgency to mitigate or patch the vulnerability.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the endpoint /cgi-bin/cstecgi.cgi that include the parameter vlanPriLan3 with unusual or command-like values.

A practical detection method is to capture and analyze network traffic for POST requests containing the vlanPriLan3 parameter, especially if it includes command injection patterns such as shell commands or network utilities like wget.

For example, using a network packet capture tool like tcpdump or Wireshark, you can filter HTTP POST requests to /cgi-bin/cstecgi.cgi and inspect the vlanPriLan3 parameter.

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'vlanPriLan3'
  • Use curl or similar tools to test the endpoint with benign and malicious vlanPriLan3 values to observe if commands are executed.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5178. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart