Skip to main content

A3600R

1 CVEs product

Monthly

CVE-2026-5020 LOW POC Monitor

Command injection in Totolink A3600R firmware 4.1.2cu.5182_B20201102 allows authenticated remote attackers to execute arbitrary commands via the NoticeUrl parameter in the setNoticeCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (low-to-medium severity) but is confirmed by publicly available exploit code, making it an active threat to deployed devices despite the authentication requirement.

Command Injection A3600R
NVD VulDB
CVSS 4.0
2.1
EPSS
2.9%
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Totolink A3600R firmware 4.1.2cu.5182_B20201102 allows authenticated remote attackers to execute arbitrary commands via the NoticeUrl parameter in the setNoticeCfg function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (low-to-medium severity) but is confirmed by publicly available exploit code, making it an active threat to deployed devices despite the authentication requirement.

Command Injection A3600R
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy