Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AnalysisAI
SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. The flaw is reported through TWCERT and affects TONNET's TPR7308 product line per CPE data.
Technical ContextAI
The vulnerability is a CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) flaw in TONNET's E-LAN Hybrid Recording System, a digital video recording / surveillance platform commonly deployed in enterprise and critical-infrastructure environments in the Taiwan market. Per CPE 2.3 data the affected product is cpe:2.3:a:tonnet:tpr7308 - the TPR7308 hybrid NVR/DVR appliance, which exposes a web-based management interface. SQL injection at the CWE-89 level typically arises when user-controlled HTTP parameters are concatenated into database queries without parameterized statements or input sanitization, allowing attackers to alter query logic and read arbitrary tables including credential stores, configuration, and recording metadata.
RemediationAI
Primary remediation is to apply the vendor patch referenced in the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10912-21886-2.html and https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html - the exact fixed firmware version was not included in the provided intelligence and must be confirmed directly from those TWCERT pages or TONNET support before deployment. As compensating controls until patching, restrict the TPR7308 web management interface to a dedicated management VLAN or jump-host network and block its HTTP/HTTPS ports at the perimeter so the vulnerable endpoint is not reachable from untrusted networks; this preserves local administrative access at the cost of remote management convenience. Additionally, place a WAF or reverse proxy in front of the device with rules to block common SQL injection patterns in query strings and POST bodies - note this is a brittle mitigation that may break legitimate operator workflows and should not substitute for patching. Rotate any credentials and review database contents that may have been exfiltrated, since SQLi read-only access typically exposes credential hashes and configuration secrets.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31046
GHSA-vp9q-mvq5-jq9m