CVE-2026-9003
Description
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in TONNET E-LAN Hybrid Recording System allows remote attackers to read database contents; patch available.
CVE-2026-9003 is a SQL injection vulnerability in the TONNET E-LAN Hybrid Recording System, specifically affecting model TPR7308. The root cause is improper input validation, allowing an attacker to inject arbitrary SQL commands into database queries [1][2].
An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted requests to the system's network interface. No authentication or prior access is required, making the attack surface broad and easily accessible over the network [1][2].
Successful exploitation enables the attacker to read arbitrary database contents, leading to significant information disclosure. The CVSS v3.1 base score is 7.5 (High), with a confidentiality impact of High and no impact on integrity or availability [1][2].
TONNET has released a firmware update to address the issue. Users should upgrade to version mdiskTRS08_tonnet_20260203-1636 or later to remediate the vulnerability [1][2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.