Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection_CVE-2026-9531

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-9531

Source VulDB

Published May 26, 2026 at 04:45

Affected Product

Vendor Totolink

Product CA750-PoE

Version 6.2c.510

Affected Versions Totolink CA750-PoE 6.2c.510

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-05-26T04:45:14.640Z",
    "modified": "2026-05-26T04:45:14.640Z",
    "type": "cve",
    "title": "Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365558\nhttps://vuldb.com/vuln/365558/cti\nhttps://vuldb.com/submit/813929\nhttps://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_54/54.md\nhttps://www.totolink.net/",
    "id": "CVE-2026-9531",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Totolink CA750-PoE 6.2c.510",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CA750-PoE",
    "version": "6.2c.510",
    "vendor": "Totolink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}