Lv Hongwei

6 exploits Active since Mar 2026
CVE-2026-5176 WRITEUP HIGH WORKING POC
Totolink A3300R cstecgi.cgi setSyslogCfg command injection
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 7.3
CVE-2026-5177 WRITEUP MEDIUM WORKING POC
Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 6.3
CVE-2026-5178 WRITEUP MEDIUM WORKING POC
Totolink A3300R cstecgi.cgi setIptvCfg command injection
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2026-5103 WRITEUP MEDIUM WORKING POC
Totolink A3300R cstecgi.cgi setUPnPCfg command injection
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 6.3
CVE-2026-5104 WRITEUP MEDIUM WORKING POC
Totolink A3300R cstecgi.cgi setStaticRoute command injection
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2026-5105 WRITEUP MEDIUM WORKING POC
Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS 6.3