CVE-2026-5105 | Totolink A3300R 17.0.0cu.557_b20221024 Parameter /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru command injection

Inserito da Angelo Barbosa | Mar 29, 2026 | CVE

A vulnerability classified as critical has been found in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection.

This vulnerability is cataloged as CVE-2026-5105. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5105 | Totolink A3300R 17.0.0cu.557_b20221024 Parameter /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru command injection

Post correlati

CVE-2025-69329 | Prestige Plugin up to 1.4.0 on WordPress deserialization

CVE-2025-6275 | WebAssembly wabt up to 1.0.37 binary-reader-interp.cc GetFuncOffset use after free (Issue 2614)

CVE-2023-52115 | Huawei HarmonyOS 4.0.0 iAware Module use after free

CVE-2024-11727 | wpdevteam NotificationX Plugin up to 2.9.3 on WordPress Setting cross site scripting