LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-5105

CVE-2026-5105 - Vulnerability Analysis

MediumCVSS: 6.3

Last Updated: March 30, 2026

Totolink A3300R - Command Injection

Published: March 30, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable

Overview

Totolink A3300R 17.0.0cu.557_b20221024 contains a command injection caused by manipulation of the "pptpPassThru" argument in setVpnPassCfg function of /cgi-bin/cstecgi.cgi Parameter Handler, letting remote attackers execute arbitrary commands, exploit requires no special privileges.

Severity & Score

Severity: Medium
CVSS Score: 6.3
EPSS Score: 216.4%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary commands, potentially taking full control of the device.

Mitigation

Update to the latest version.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Apr 6, 2026

📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1282 Severity: - Critical: 134 - High: 375 - Medium: 561 - Low: 63 - None: 149 Status: - : 54 - Analyzed: 257 - Awaiting Analysis: 410 - Modified: 9 - Received: 265 - Rejected: 7 - Undergoing Analysis: 280 Top CNAs: - GitHub, Inc.: 374 - VulDB: 165 - VulnCheck: 147 - MITRE: 109 - kernel.org: 91 - N/A: 54 - Wordfence: 43 - Chrome: 21 - IBM Corporation: 17 - Cisco Systems, Inc.: 16 Top Affected Products: - UNKNOWN: 933 - Endian Firewall: 30 - Openclaw: 24 - Google Chrome: 21 - Seppmail Secure Email Gateway: 14 - Apple Macos: 13 - Wwbn Avideo: 13 - Ahsanriaz26gmailcom Sales And Inventory System: 11 - Xenforo: 10 - Parseplatform Parse-server: 9 Top EPSS Score: - CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257) - CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156) - CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020) - CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281) - CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176) - CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453) - CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102) - CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103) - CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104) - CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)

View original post

Related Resources

Details

CVE ID
CVE-2026-5105
Severity
Medium
CVSS Score
6.3
Type
command_injection
Status
confirmed
EPSS
216.4%
Social Posts
1

CWE

  • CWE-74
  • CWE-77

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score

216.4%Probability of exploitation in the next 30 days