CVE-2026-5102

MEDIUM

Published:Mar 30, 2026(Today)

Modified:Mar 30, 2026

AI Explanation

A command injection vulnerability exists in the Totolink A3300R router's Parameter Handler component, specifically in the setSmartQosCfg function, allowing remote attackers to inject malicious commands by manipulating the qos_up_bw argument. This can be exploited to gain unauthorized access or control over the device. Developers should prioritize patching this vulnerability to prevent potential attacks.

Users of the Totolink A3300R router with firmware version 17.0.0cu.557_b20221024 are at risk of remote command injection attacks, which is considered a medium severity vulnerability.

Network AccessLow ComplexityLow PrivilegesNo User Interaction

How to Fix

1Update the Totolink A3300R firmware to a version later than 17.0.0cu.557_b20221024, 2. Limit remote access to the router's web interface, 3. Implement a web application firewall (WAF) to detect and prevent command injection attacks

References

https://github.com/Litengzheng/vul_db/blob/main/A3300R/vul_40/README.m...
https://vuldb.com/submit/779129
https://vuldb.com/vuln/354127
https://vuldb.com/vuln/354127/cti

CVSS Score

v3.1

6.3/ 10.0

MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

At a Glance

Affected Products

References

CVSS v3 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVE-2026-5102

✦ AI Explanation

How to Fix

References

CVSS Score

At a Glance

CVSS v3 Vector

Impact Analysis

AI Explanation