CVE-2026-5105

MEDIUM

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 3/30/2026Modified: 3/30/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-5105 — A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affe...

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVE-2026-5105
NIST NVD

References (5)

https://github.com/LvHongW/Vuln-of-totolink_A3300R/tree/main/A3300R_pptpPassThru_cmd_injectExploitThird Party Advisoryhttps://vuldb.com/submit/779143Permissions RequiredVDB Entryhttps://vuldb.com/vuln/354130Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/354130/ctiThird Party AdvisoryVDB Entryhttps://www.totolink.net/Product