2 matches found
Totolink A3300R Command Injection Vulnerability (CNVD-2026-16680)
Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...
CVE-2026-5102 Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...