{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5176/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5176"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["command-injection","cve-2026-5176","totolink","router"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-5176, has been discovered in Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024. The vulnerability resides within the \u003ccode\u003esetSyslogCfg\u003c/code\u003e function located in the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file. An unauthenticated, remote attacker can exploit this flaw by manipulating arguments passed to the vulnerable function. This manipulation results in the execution of arbitrary commands on the affected device. Given the public…\u003c/p\u003e\n","date_modified":"2026-03-31T02:15:59Z","date_published":"2026-03-31T02:15:59Z","id":"/briefs/2026-03-totolink-cve-2026-5176/","summary":"A command injection vulnerability (CVE-2026-5176) exists in the setSyslogCfg function of the Totolink A3300R router version 17.0.0cu.557_b20221024, allowing remote attackers to execute arbitrary commands by manipulating arguments in the /cgi-bin/cstecgi.cgi file.","title":"Totolink A3300R Command Injection Vulnerability (CVE-2026-5176)","url":"https://feed.craftedsignal.io/briefs/2026-03-totolink-cve-2026-5176/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5176","version":"https://jsonfeed.org/version/1.1"}