CVE-2026-5105 in Totolink A3300R
Summary
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Disclosure
03/30/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354130 | Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection | 77 | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | 0.00000 | 5.83 | Not defined | CVE-2026-5105 |