CVE-2026-9531

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published May 26, 2026

Vendor unknown

Description

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

References

https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_54/54.md
https://vuldb.com/submit/813929
https://vuldb.com/vuln/365558
https://vuldb.com/vuln/365558/cti
https://www.totolink.net/