{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31172", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-23T18:44:56.511Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-23T17:37:35.817Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "references": [{"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T18:44:18.116350Z", "id": "CVE-2026-31172", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T18:44:56.511Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31172", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T18:44:18.116350Z"}}}], "references": [{"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T18:44:51.991Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-23T17:37:35.817Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31172", "state": "PUBLISHED", "dateUpdated": "2026-04-23T18:44:56.511Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a3300r_firmware:17.0.0cu.557_b20221024:*:*:*:*:*:*:*", "matchCriteriaId": "DD39B647-3419-4C6D-A6A2-30F40822A27D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a3300r:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F723A73-4B32-4F9E-B5DA-80134D4711C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi."}], "id": "CVE-2026-31172", "lastModified": "2026-04-24T15:12:42.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-23T18:16:24.587", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Svigo-o/TOTOLINK-Vul/tree/main/totolink-a3300r-user-cmd-injection"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.0.0cu.557_b20221024"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "a3300r_firmware", "vendor": "totolink"}], "analysis": {"en": {"generated_at": "2026-04-28T15:07:55.969325+00:00", "value": {"mitigation_remediation": ["Deploy verified firmware updates that fix the command injection flaw.", "Restrict or filter network traffic to the /cgi-bin/cstecgi.cgi endpoint, blocking requests from untrusted networks.", "Place the router behind a firewall or interface segmentation to limit direct exposure to the internal network."], "summary": {"action": "Apply Patch", "impact": "Remote Command Execution via HTTP CGI"}, "threat_synthesis": {"affected_systems": "The affected device is the ToToLink A3300R router running firmware version 17.0.0cu.557_B20221024. The corresponding CPEs reference this exact model and firmware build. Any identical or newer builds not yet updated may also be at risk until a release that addresses the vulnerability is applied.", "description_and_impact": "An injection flaw exists in the ToToLink A3300R firmware allowing an attacker to supply arbitrary shell commands through the *user* parameter of the /cgi-bin/cstecgi.cgi endpoint. This vulnerability, classified as CWE\u201177, can lead to remote command execution, compromising the confidentiality, integrity, and availability of the device. The description does not explicitly state the attack vector, but it is inferred that an attacker can exploit this by sending a crafted HTTP request containing the malicious *user* value to the CGI script.", "risk_and_exploitability": "The CVSS base score of 6.5 reflects a medium severity. The EPSS score is reported as less than 1\u202f%, indicating a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the information provided, the likely attack vector involves sending a crafted HTTP request to the vulnerable CGI endpoint over the network, requiring no special privileges or physical access. Therefore, the primary risk is remote code execution from an external origin."}}}}, "created": "2026-04-27T19:30:11.874837+00:00", "title": "Command Injection in ToToLink A3300R Firmware Enabling Remote Command Execution", "updated": "2026-04-28T15:15:34.204336+00:00", "vendors": ["totolink", "totolink$PRODUCT$a3300r_firmware"]}