Which versions of E-LAN Hybrid Recording are affected by CVE-2026-9003?

TONNET E-LAN Hybrid Recording System (TPR7308) contains a high-severity unauthenticated SQL injection flaw that permits remote database access without credentials, exposing recorded communications…

E-LAN Hybrid Recording CVE-2026-9003

Q: What is the CVSS score of CVE-2026-9003?

CVE-2026-9003 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31046 HIGH

SQL Injection (CWE-89)

2026-05-20 twcert

GHSA-vp9q-mvq5-jq9m

SQLi

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 20, 2026 - 04:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 20, 2026 - 04:22 vuln.today

cvss_changed

CVSS changed

May 20, 2026 - 04:22 NVD

7.5 (HIGH) 8.7 (HIGH)

Analysis Generated

May 20, 2026 - 04:03 vuln.today

DescriptionNVD

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

AnalysisAI

SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. …

RemediationAI

Within 24 hours: Audit all TPR7308 installations; block external network access where operationally feasible; assess data sensitivity. Within 7 days: Deploy database access logging and SQL injection detection rules; restrict database user permissions to read-only where applicable; enable query pattern monitoring. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9003 vulnerability details – vuln.today

Back

E-LAN Hybrid Recording CVE-2026-9003

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

E-LAN Hybrid Recording CVE-2026-9003

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code