
CVE-2026-31175 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-31175 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-31175 is a command injection vulnerability in the Totolink A3300R router firmware version v17.0.0cu.557_B20221024, exploitable through the device's web management interface via the CGI handler at /cgi-bin/cstecgi.cgi.

Technical Detail

The flaw exists in the handling of the stunEnable parameter passed to the /cgi-bin/cstecgi.cgi endpoint, where user-supplied input is not properly sanitized before being processed by the underlying operating system. An attacker who can reach the management interface can craft a malicious request containing shell metacharacters or command sequences within the stunEnable parameter to achieve remote code execution (RCE) with no or minimal authentication. Successful exploitation grants the attacker arbitrary OS-level command execution, likely with root privileges given the privilege context in which CGI processes typically run on consumer router firmware.

Exploitation Status

No known exploit code has been publicly documented or confirmed at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, though the straightforward nature of parameter-level command injection in CGI endpoints historically lowers the barrier to independent discovery and weaponization.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. Routers from budget and SMB-oriented vendors such as Totolink are frequently targeted by botnet operators and opportunistic actors, but no confirmed activity against this specific CVE has been reported.

What To Do

Organizations and individuals operating the Totolink A3300R on firmware version v17.0.0cu.557_B20221024 should check Totolink's official support channels immediately for a patched firmware release and apply any available update as a priority given the critical CVSS score of 9.8. If no patch is available, restrict access to the device's web management interface by disabling remote management, placing the admin interface on an isolated management VLAN, and enforcing firewall rules that block external access to the CGI endpoint. As a detection signal, monitor HTTP request logs for unusual or malformed values in the stunEnable parameter submitted to /cgi-bin/cstecgi.cgi. Devices that cannot be patched or adequately isolated should be considered for replacement.
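The detection signal described above, as an added example that is not part of the original briefing: a small log filter that pulls requests to /cgi-bin/cstecgi.cgi out of combined-format HTTP access logs and flags any stunEnable value that is not a plain 0 or 1. It assumes stunEnable arrives in the query string and that the parameter is a boolean flag; if the device sends it in a POST body, the body must be logged and parsed the same way. The log lines are constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined-format access log lines, constructed for this example (not real telemetry).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2026:10:00:01 +0000] "POST /cgi-bin/cstecgi.cgi?stunEnable=1 HTTP/1.1" 200 512
192.0.2.11 - - [01/Mar/2026:10:00:02 +0000] "GET /cgi-bin/cstecgi.cgi?stunEnable=0 HTTP/1.1" 200 512
198.51.100.7 - - [01/Mar/2026:10:00:03 +0000] "POST /cgi-bin/cstecgi.cgi?stunEnable=1%3Buname HTTP/1.1" 200 512
198.51.100.8 - - [01/Mar/2026:10:00:04 +0000] "POST /cgi-bin/cstecgi.cgi?stunEnable=%24(id) HTTP/1.1" 200 512
192.0.2.12 - - [01/Mar/2026:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
ENDPOINT = "/cgi-bin/cstecgi.cgi"
PARAM = "stunEnable"
# Assumption: stunEnable is an on/off flag, so "0" and "1" are the only legitimate values.
# Allowlisting the expected values catches metacharacters without enumerating them.
ALLOWED = re.compile(r"^[01]$")


def query_values(query, name):
    """Return every decoded value of `name` in a raw query string (split on '&' only)."""
    values = []
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(value))
    return values


def suspicious_requests(log_text):
    """Return (source IP, timestamp, decoded value) for each CGI request whose stunEnable is not 0/1."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        for value in query_values(parts.query, PARAM):
            if not ALLOWED.match(value):
                hits.append((m.group("src"), m.group("ts"), value))
    return hits


if __name__ == "__main__":
    for src, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {src} suspicious {PARAM}={value!r}")
```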


Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.
