Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection_CVE-2026-9513

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-9513

Source VulDB

Published May 25, 2026 at 22:30

Affected Product

Vendor Totolink

Product CA750-PoE

Version 6.2c.510

Affected Versions Totolink CA750-PoE 6.2c.510

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-05-25T22:30:12.005Z",
    "modified": "2026-05-25T22:30:12.005Z",
    "type": "cve",
    "title": "Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365513\nhttps://vuldb.com/vuln/365513/cti\nhttps://vuldb.com/submit/813924\nhttps://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_51/51.md\nhttps://www.totolink.net/",
    "id": "CVE-2026-9513",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Totolink CA750-PoE 6.2c.510",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CA750-PoE",
    "version": "6.2c.510",
    "vendor": "Totolink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}