HIGHCVE-2026-9003Published 2026-05-20Modified 2026-05-20CNA twcert

CVE-2026-9003: TONNET｜E-LAN Hybrid Recording System - SQL Injection

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: mdiskTRS08_tonnet_20260203-1636
Affected Products: 1

Fix available

mdiskTRS08_tonnet_20260203-1636

Affected packages

TONNET / TPR7308
< mdiskTRS08_tonnet_20260203-1636 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

twcert.org.tw
twcert.org.tw

Metrics

Fix available