CVE-2026-5105

CVSS v2.0

6.5

Medium

AV:N/AC:L/Au:S/C:P/I:P/A:P

A vulnerability was detected in Totolink A3300R 17.0.0cu.557 b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-5105

Affected Products

A3300R

CVE-2026-5105

Weakness Enumeration

Related Identifiers

Affected Products

References · 6