https://feed.craftedsignal.io/tags/cve-2026-5176/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 02:15:59 +0000https://feed.craftedsignal.io/briefs/2026-03-totolink-cve-2026-5176/Tue, 31 Mar 2026 02:15:59 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-totolink-cve-2026-5176/A command injection vulnerability (CVE-2026-5176) exists in the setSyslogCfg function of the Totolink A3300R router version 17.0.0cu.557_b20221024, allowing remote attackers to execute arbitrary commands by manipulating arguments in the /cgi-bin/cstecgi.cgi file.A command injection vulnerability, identified as CVE-2026-5176, has been discovered in Totolink A3300R routers running firmware version 17.0.0cu.557_b20221024. The vulnerability resides within the setSyslogCfg function located in the /cgi-bin/cstecgi.cgi file. An unauthenticated, remote attacker can exploit this flaw by manipulating arguments passed to the vulnerable function. This manipulation results in the execution of arbitrary commands on the affected device. Given the public…

]]>criticaladvisorycommand-injectioncve-2026-5176totolinkrouter