Lucene search

7653 matches found

Positive Technologies
added 2026/04/23 12:0 a.m. | 6 views

PT-2026-34677

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-port parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/23 12:0 a.m. | 5 views

PT-2026-34706

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

CVSS 9.8 | AI score 6.1 | EPSS 0.00578
Exploits: 1 | References: 2

CVE
added 2026/04/23 12:0 a.m. | 16 views

CVE-2026-31172

The CVE-2026-31172 entry concerns ToToLink A3300R firmware, version 17.0.0cu.557_B20221024. The issue is a command injection in the CGI interface: attacker-controlled input in the user parameter to /cgi-bin/cstecgi.cgi can lead to arbitrary command execution on the device. According to the NVD en...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2026/04/23 12:0 a.m. | 9 views

TOTOLINK A3300R command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...

CVSS 6.5 | AI score 6 | EPSS 0.00279
Exploits: 1 | References: 1

Cvelist
added 2026/04/23 12:0 a.m. | 33 views

CVE-2026-31163

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

EPSS 0.00279
Exploits: 1 | References: 1

CVE
added 2026/04/23 12:0 a.m. | 11 views

CVE-2026-31171

CVE-2026-31171 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows an attacker to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (EUVD/NVD/CVE listings). The root cause and exact vulnerable component are described ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 11 views

CVE-2026-31174

CVE-2026-31174 describes a command-injection vulnerability in ToToLink A3300R firmware 17.0.0cu.557_B20221024. An attacker can exploit the vulnerability by supplying crafted input to the informEnable parameter of the web CGI endpoint /cgi-bin/cstecgi.cgi, potentially executing arbitrary commands ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 12 views

CVE-2026-31176

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected by CVE-2026-31176 where an attacker can execute arbitrary commands by sending a crafted stun-user parameter to /cgi-bin/cstecgi.cgi. The CVSS v3.1 base score is 6.5 (Medium) with network attack vector, no privileges required, and no use...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 12 views

CVE-2026-31159

CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 11 views

CVE-2026-31169

CVE-2026-31169 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi, with network access and no privileges required (CVSS 3.1: 6.5, Low confidentiality/integrity impact, no availability im...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 8 views

CVE-2026-31167

CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary command execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 9 views

CVE-2026-31164

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable to command execution via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. The CVE-2026-31164 entry notes this as a network-based vulnerability with CVSSv3.1: 6.5 (MEDIUM), requiring no privileges and no user interaction. Connected sour...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 9 views

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

CVSS 9.8 | AI score 6.1 | EPSS 0.00578
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 11 views

CVE-2026-31179

ToToLink A3300R firmware v17.0.0cu.557_B20221024 has a vulnerability in the CGI endpoint /cgi-bin/cstecgi.cgi that allows attackers to execute arbitrary commands via the stun-port parameter. The root cause is the handling of the stun-port parameter in that CGI path, as described in multiple sourc...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/04/23 12:0 a.m. | 10 views

CVE-2026-31168

CVE-2026-31168 describes a command-injection vulnerability in ToToLink A3300R firmware (versions around 17.0.0cu.557_B20221024 / 17.0.0cu.557 B20221024). The flaw allows an attacker to execute arbitrary commands by supplying a crafted recHour parameter to the CGI endpoint /cgi-bin/cstecgi.cgi. Th...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | 8 views

PT-2026-34673

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/23 12:0 a.m. | 4 views

CVE-2026-31168

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...

AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | 4 views

PT-2026-34714

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00279
Exploits: 1 | References: 1

Cvelist
added 2026/04/23 12:0 a.m. | 30 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

EPSS 0.00279
Exploits: 1 | References: 1

CVE
added 2026/04/23 12:0 a.m. | 11 views

CVE-2026-31166

CVE-2026-31166 concerns ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue: an attacker can execute arbitrary commands by supplying the hour parameter to /cgi-bin/cstecgi.cgi. This is a network‑vector flaw with low to moderate impact stated (CVSS v3.1: 6.5, Confidentiality and Integrity ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00276
Exploits: 1 | References: 1 | Affected Software: 1