Submit #792648: Totolink A3300R V17.0.0cu.557_B20221024 OS Command Injectioninfo

TitleTotolink A3300R V17.0.0cu.557_B20221024 OS Command Injection
DescriptionA command injection vulnerability exists in stunMinAlive handling (topicurl=setTr069Cfg) on /cgi-bin/cstecgi.cgi. Unsanitized input is embedded into executable command strings and passed to CsteSystem/execv, enabling attacker-controlled command execution.
Source⚠️ https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-stun-min-alive-cmd-injection
User
 m202572177 (UID 95972)
Submission03/30/2026 05:08 (3 months ago)
Moderation04/06/2026 11:44 (7 days later)
StatusDuplicate
VulDB entry250461 [Totolink A3300R 17.0.0cu.557_B20221024 setTr069Cfg pass command injection]
Points0

Might our Artificial Intelligence support you?

Check our Alexa App!