Which versions of Totolink A3300R are affected by CVE-2026-5176?

Totolik A3300R routers running firmware 17.0.0cu.557_b20221024 contain a critical remote code execution vulnerability that allows unauthenticated attackers to gain complete control of affected…

Is there a public PoC exploit available for CVE-2026-5176?

Yes, a public proof-of-concept exploit is available for CVE-2026-5176. Prioritise patching immediately. EPSS: 2.4%.

Totolink A3300R CVE-2026-5176

Q: What is the CVSS score of CVE-2026-5176?

CVE-2026-5176 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 2.4%.

EUVD-2026-17279 MEDIUM

Command Injection (CWE-77)

2026-03-31 VulDB

Command Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 06, 2026 - 15:35 vuln.today

Public exploit code

EUVD ID Assigned

Mar 31, 2026 - 01:45 euvd

EUVD-2026-17279

Analysis Generated

Mar 31, 2026 - 01:45 vuln.today

CVE Published

Mar 31, 2026 - 01:15 nvd

MEDIUM 6.9

DescriptionNVD

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Command injection in Totolink A3300R router firmware 17.0.0cu.557_b20221024 allows unauthenticated remote attackers to execute arbitrary system commands via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. …

RemediationAI

Within 24 hours: Inventory all Totolik A3300R routers in your environment and identify any running firmware 17.0.0cu.557_b20221024. Within 7 days: Contact Totolik support to determine if a patched firmware version is available for your specific hardware revision; if available, plan firmware updates for all affected devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5176 vulnerability details – vuln.today

Back

Totolink A3300R CVE-2026-5176

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink A3300R CVE-2026-5176

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code