Add CVE-2026-5105 - Totolink A3300R OS command injection template #15725

Open
CEHCVKR wants to merge 3 commits into projectdiscovery:main from CEHCVKR:add-CVE-2026-5105

@CEHCVKR CEHCVKR commented Mar 30, 2026

PR Information

Adds a new HTTP template for Totolink A3300R OS command injection in /cgi-bin/cstecgi.cgi via the pptpPassThru parameter.

Detection uses two-request timing validation:

  • Request 1: baseline (pptpPassThru=1)
  • Request 2: payload (pptpPassThru=$(sleep 7) URL-encoded)

Match conditions:

  • status_code_1 == 200
  • status_code_2 == 200
  • duration_1 < 4
  • duration_2 >= 7
  • (duration_2 - duration_1) >= 5

This helps reduce false positives versus single-request timing checks.

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

  • Template syntax validated locally using:
    • nuclei -validate -duc -t http/cves/2026/CVE-2026-5105.yaml
  • Functional behavior tested in a local mock lab with debug mode.
  • verified: false is intentionally kept until validation on a confirmed real vulnerable target (and ideally a patched target).

Additional References:
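
Added example (not part of the pull request or the template itself): the match conditions from the PR description evaluated over constructed timing samples, next to a single-request timing check, to show which false positives the paired check rejects. The `Pair` type, the sample values and the function names are illustrative assumptions, and the conditions are assumed to be combined with AND.

```python
from dataclasses import dataclass


@dataclass
class Pair:
    """Constructed measurement for one host (status code and seconds per request)."""
    name: str
    status_1: int
    duration_1: float  # baseline request (pptpPassThru=1)
    status_2: int
    duration_2: float  # request carrying the 7-second delay


def single_request_check(p: Pair) -> bool:
    # Naive approach: only the delayed request is timed.
    return p.status_2 == 200 and p.duration_2 >= 7


def two_request_check(p: Pair) -> bool:
    # The five match conditions from the PR description, assumed ANDed.
    return (
        p.status_1 == 200
        and p.status_2 == 200
        and p.duration_1 < 4
        and p.duration_2 >= 7
        and (p.duration_2 - p.duration_1) >= 5
    )


# Constructed timings, not measurements from a real device.
SAMPLES = [
    Pair("fast baseline, delayed second response", 200, 0.4, 200, 7.5),
    Pair("uniformly slow host", 200, 8.1, 200, 8.6),
    Pair("jittery link, baseline 3.5 s", 200, 3.5, 200, 7.2),
    Pair("late error page on second request", 200, 0.3, 500, 9.0),
    Pair("healthy host, no delay", 200, 0.3, 200, 0.4),
]


def compare(samples):
    """Return {name: (single_request_result, two_request_result)}."""
    return {p.name: (single_request_check(p), two_request_check(p)) for p in samples}


if __name__ == "__main__":
    for name, (single, paired) in compare(SAMPLES).items():
        print(f"{name:42} single={single!s:5} paired={paired}")
```

The uniformly slow host and the jittery link both pass the single-request check but fail the paired one: the first on `duration_1 < 4`, the second on the 5-second delta.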


neo-by-projectdiscovery-dev bot commented Mar 30, 2026

Neo - Nuclei Template Review

No security issues found

Hardening Notes
  • This increment contains only a merge commit with no substantive changes to the PR content
  • The CVE-2026-5105 template remains in the same state as the initial commit dc645f6
  • Any concerns from the previous review (authentication metadata, timeout directive, verification status) remain unaddressed


CEHCVKR commented Apr 2, 2026

Hi maintainers, gentle follow-up on this PR when you have time.
This is my first contribution to nuclei-templates.
Please let me know if any changes are needed from my side. Thank you!


CEHCVKR commented Apr 6, 2026

Hi maintainers,
I’ve pushed an update addressing the hardening feedback in commit d0627b6:

  1. clarified authenticated context (PR:L),
  2. added explicit @timeout for both timing-based requests,
  3. kept verified: false intentionally until validation on confirmed vulnerable and patched targets.

I also revalidated locally with:
nuclei -validate -duc -t [CVE-2026-5105.yaml]

Could you please approve the pending workflow and re-review when convenient? Thank you.
