CVE-2026-31178 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-31178 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-31178 is a command injection vulnerability in the Totolink A3300R router firmware version v17.0.0cu.557_B20221024, exploitable through the device's web management interface via the CGI handler at /cgi-bin/cstecgi.cgi.
Technical Detail
The flaw exists in the handling of the stunMaxAlive parameter passed to /cgi-bin/cstecgi.cgi, where user-supplied input is incorporated into a command executed by the underlying operating system without adequate sanitization. An attacker who can reach the management interface can inject arbitrary shell commands through this parameter, resulting in unauthenticated or low-barrier remote code execution (RCE) on the device. Successful exploitation grants the attacker full control over the router, enabling traffic interception, lateral movement into the connected network, or use of the device as a network pivot point.
Exploitation Status
No known exploit code has been publicly observed or confirmed at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit; however, command injection vulnerabilities in consumer and SOHO router CGI interfaces are historically straightforward to weaponize once the parameter and endpoint are publicly disclosed.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability. SOHO router vulnerabilities of this class are frequently incorporated into botnet infrastructure and opportunistic scanning operations, but no confirmed activity against this specific CVE has been reported.
What To Do
Organizations and individuals operating Totolink A3300R devices running firmware v17.0.0cu.557_B20221024 should check for an updated firmware release from Totolink and apply it immediately given the critical CVSS score of 9.8. If no patch is available, restrict access to the device's web management interface by disabling remote management and limiting access to trusted internal hosts only through firewall or ACL controls. Network defenders should monitor for anomalous outbound connections or unexpected process execution originating from edge router devices. Given the nature of the vulnerability, exposure of the management interface to the internet should be treated as an urgent remediation priority regardless of patch availability.
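As an added example (not from the advisory or from Totolink), the bounded allow-list check a defender would want on this parameter, with the same check run over constructed access-log lines to flag requests to the CGI handler whose stunMaxAlive value is anything other than a short integer, which supports the monitoring step above as well as the flaw described under Technical Detail. Assumptions: the parameter appears in the logged request line as a query string (the page does not state how it is conveyed), the log layout and client addresses are constructed, and the numeric upper bound is a placeholder rather than the firmware's own limit.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory. The firmware's real accepted
# range for stunMaxAlive is not on the page; MAX_ALIVE_BOUND is an assumed
# cap used only to show bounded allow-list validation.
TARGET_PATH = "/cgi-bin/cstecgi.cgi"
PARAM = "stunMaxAlive"
MAX_ALIVE_BOUND = 86400  # assumption: one day in seconds

# Constructed access-log lines in a common-log-style layout (not real device
# output); the second line carries a URL-encoded ';' in the parameter value.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "POST /cgi-bin/cstecgi.cgi?stunMaxAlive=300 HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2026:10:00:09 +0000] "POST /cgi-bin/cstecgi.cgi?stunMaxAlive=300%3Bprobe HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2026:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')


def is_well_formed_stun_max_alive(value: str) -> bool:
    """Allow-list check: a keepalive interval is a short run of digits inside
    a bounded range. Anything else is rejected rather than 'escaped', which
    is the fix shape that removes the injection path entirely."""
    if not re.fullmatch(r"\d{1,6}", value):
        return False
    return int(value) <= MAX_ALIVE_BOUND


def find_suspicious_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded_value) for every request to the CGI handler
    whose stunMaxAlive fails the allow-list check. parse_qs percent-decodes,
    so encoded metacharacters are matched in their decoded form."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != TARGET_PATH:
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)
        for value in qs.get(PARAM, []):
            if not is_well_formed_stun_max_alive(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious stunMaxAlive from {ip}: {value!r}")
```

Access logs usually do not record POST bodies, so if the device carries the parameter in a body the same check belongs on a reverse proxy or WAF that captures request bodies in front of the management interface.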