CVE-2026-5105 in Totolink A3300R
Résumé (Anglaise)
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Divulgation
30/03/2026
Entrées
| ID | Vulnérabilité | CWE | Base | Temp | 0day | Aujourd'hui | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354130 | Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg élévation de privilèges | 77 | 6.3 | 5.7 | $0-$5k | $0-$5k | Preuve de concept | 0.00000 | 5.50- | Non défini | CVE-2026-5105 |