CVE-2026-5102 in Totolink A3300Rinfo

Summary

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Disclosure

03/30/2026

Entries

Published	Base	Temp	Vulnerability	CWE	Prod	Exp	Cou	EPSS	CTI	CVE
03/29/2026	6.3	5.7	Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection	77	Unknown	Proof-of-Concept	Not defined	0.00000	4.01	CVE-2026-5102

Show more

Description
Changes
Cyber Threat Intelligence
API/JSON

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!