CVE-2026-31177 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-31177 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-31177 is a command injection vulnerability in the Totolink A3300R router firmware version v17.0.0cu.557_B20221024, exploitable through the device's web management interface via the CGI handler at /cgi-bin/cstecgi.cgi.

Technical Detail

The flaw is in the handling of the stunMinAlive parameter passed to /cgi-bin/cstecgi.cgi: user-supplied input is not properly sanitized before it is passed to the underlying operating system. An attacker who can reach the management interface can craft a malicious request containing shell metacharacters or command sequences in the stunMinAlive field to achieve unauthenticated or low-barrier remote code execution (RCE) on the device. Successful exploitation grants the attacker arbitrary OS-level command execution, likely with root privileges given the typical privilege context of CGI processes on consumer router firmware.

Exploitation Status

No known exploit code has been publicly documented or confirmed at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit; however, the straightforward nature of CGI-based command injection vulnerabilities means the barrier to developing functional exploit code is low.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability. Routers from consumer and small business vendors with similar CGI injection flaws have historically been targeted by botnet operators for recruitment into DDoS infrastructure, but no such activity has been confirmed for this specific CVE.

What To Do

Organizations and individuals operating the Totolink A3300R should check for a firmware update from Totolink that addresses this vulnerability and apply it immediately, given the critical CVSS score of 9.8. If no patch is available, restrict access to the device's management interface by disabling remote management and ensuring the admin interface is not exposed to untrusted networks or the public internet. Network-level controls such as firewall rules blocking external access to ports 80 and 443 on the device provide meaningful risk reduction as an interim measure. Monitor for anomalous outbound traffic or unexpected process execution originating from the router as potential indicators of compromise.
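
One way to extend the monitoring advice above to the management interface itself, as an added example that is not part of the original briefing: a Python filter over captured requests to /cgi-bin/cstecgi.cgi that flags any stunMinAlive value that is not a plain decimal integer. The record layout, the JSON and form-encoded body formats, the assumption that legitimate values are short integers, and the sample records are all assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

CGI_PATH = "/cgi-bin/cstecgi.cgi"      # handler named in the briefing
PARAM = "stunMinAlive"                 # parameter named in the briefing
# Assumption: a legitimate value is a short decimal integer.
NUMERIC = re.compile(r"[0-9]{1,6}")


def extract_param(body):
    """Return every stunMinAlive value in a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        return [str(doc[PARAM])] if PARAM in doc else []
    return parse_qs(body, keep_blank_values=True).get(PARAM, [])


def suspicious_requests(records):
    """records: iterable of (source_ip, url, body) tuples from a proxy or
    packet capture. Returns (source_ip, value) pairs that need review."""
    hits = []
    for src, url, body in records:
        parts = urlsplit(url)
        if parts.path != CGI_PATH:
            continue
        values = extract_param(body)
        values += parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not NUMERIC.fullmatch(value):
                hits.append((src, value))
    return hits


# Constructed sample records (documentation IP ranges, placeholder payloads).
SAMPLE = [
    ("192.0.2.10", CGI_PATH, '{"stunMinAlive": "60"}'),
    ("192.0.2.11", CGI_PATH, '{"stunMinAlive": 120}'),
    ("198.51.100.7", CGI_PATH, '{"stunMinAlive": "60;<command>"}'),
    ("203.0.113.5", CGI_PATH, "stunMinAlive=30%3B<command>"),
    ("192.0.2.10", "/index.html", "stunMinAlive=abc"),
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE):
        print(f"review {src}: {PARAM}={value!r}")
```

An allow-list check of this kind catches encoded separators and newlines as well as literal metacharacters, because it validates the decoded value rather than searching for known bad characters.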
