TOTOLINK A3300R 操作系统命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunMinAlive parameter, which stems from a failure to properly handle the stunMinAlive parameter in cstecgi.cgi, and can be exploited by an attacker to...

PT-2026-34673

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31166

CVE-2026-31166 concerns ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue: an attacker can execute arbitrary commands by supplying the hour parameter to /cgi-bin/cstecgi.cgi. This is a network‑vector flaw with low to moderate impact stated (CVSS v3.1: 6.5, Confidentiality and Integrity ...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...

CVE-2026-31171

CVE-2026-31171 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows an attacker to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (EUVD/NVD/CVE listings). The root cause and exact vulnerable component are described ...

CVE-2026-31176

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected by CVE-2026-31176 where an attacker can execute arbitrary commands by sending a crafted stun-user parameter to /cgi-bin/cstecgi.cgi. The CVSS v3.1 base score is 6.5 (Medium) with network attack vector, no privileges required, and no use...

CVE-2026-31174

CVE-2026-31174 describes a command-injection vulnerability in ToToLink A3300R firmware 17.0.0cu.557_B20221024. An attacker can exploit the vulnerability by supplying crafted input to the informEnable parameter of the web CGI endpoint /cgi-bin/cstecgi.cgi, potentially executing arbitrary commands ...

CVE-2026-31159

The CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command-injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...

CVE-2026-31162

Summary: CVE-2026-31162 affects ToToLink A3300R firmware. The issue is a command-injection problem in the web interface: an attacker can execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi in firmware version v17.0.0cu.557_B20221024. The CVSS 3.1 vector indicates network a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

CVE-2026-31164

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable to command execution via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. The CVE-2026-31164 entry notes this as a network-based vulnerability with CVSSv3.1: 6.5 (MEDIUM), requiring no privileges and no user interaction. Connected sour...

CVE-2026-31175

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34706

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31168

CVE-2026-31168 describes a command-injection vulnerability in ToToLink A3300R firmware (versions around 17.0.0cu.557_B20221024 / 17.0.0cu.557 B20221024). The flaw allows an attacker to execute arbitrary commands by supplying a crafted recHour parameter to the CGI endpoint /cgi-bin/cstecgi.cgi. Th...

CVE-2026-31179

ToToLink A3300R firmware v17.0.0cu.557_B20221024 has a vulnerability in the CGI endpoint /cgi-bin/cstecgi.cgi that allows attackers to execute arbitrary commands via the stun-port parameter. The root cause is the handling of the stun-port parameter in that CGI path, as described in multiple sourc...

CVE-2026-31169

CVE-2026-31169 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi, with network access and no privileges required (CVSS 3.1: 6.5, Low confidentiality/integrity impact, no availability im...

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

CVE-2026-31162

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R mode parameter, which originates from /cgi-bin/cstecgi.cgi failing to properly filter the mode parameter, and can be exploited by an attacker to execute...

CVE-2026-31172

The CVE-2026-31172 entry concerns ToToLink A3300R firmware, version 17.0.0cu.557_B20221024. The issue is a command injection in the CGI interface: attacker-controlled input in the user parameter to /cgi-bin/cstecgi.cgi can lead to arbitrary command execution on the device. According to the NVD en...