Totolink A3300R Command Injection Vulnerability (CVE-2026-5176)
A command injection vulnerability (CVE-2026-5176) exists in the setSyslogCfg function of the Totolink A3300R router version 17.0.0cu.557_b20221024, allowing remote attackers to execute arbitrary commands by manipulating arguments in the /cgi-bin/cstecgi.cgi file.
A command injection vulnerability, identified as CVE-2026-5176, has been discovered in Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024. The vulnerability resides within the setSyslogCfg function located in the /cgi-bin/cstecgi.cgi file. An unauthenticated, remote attacker can exploit this flaw by manipulating arguments passed to the vulnerable function. This manipulation results in the execution of arbitrary commands on the affected device. Given the public…
Detection coverage 2
Detect Totolink A3300R Command Injection Attempt via cstecgi.cgi
criticalDetects potential command injection attempts targeting the Totolink A3300R cstecgi.cgi endpoint by looking for shell metacharacters in the request URI.
Detect POST Request to cstecgi.cgi with Suspicious Parameters
highDetects suspicious POST requests to the /cgi-bin/cstecgi.cgi endpoint that include potentially malicious parameters.
Detection queries are kept inside the platform. Get full rules →