CVE-2026-5105 in Totolink A3300R
Сводка (Английский)
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Раскрытие
30.03.2026
Записи
| ИД | Уязвимость | CWE | База | Темп | 0day | Сегодня | Экс | KEV | EPSS | CTI | Кон | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354130 | Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg эскалация привилегий | 77 | 6.3 | 5.7 | $0-$5k | $0-$5k | Доказательство концепции | 0.00000 | 4.58- | Не определено | CVE-2026-5105 |