CVE-2026-9534 - Vulnerability Details

- Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection

Description

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

Published: 2026-05-26

Score: 5.3 Medium

EPSS: 4.8% Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw has been identified in the CA750‑PoE firmware 6.2c.510 that allows remote manipulation of the PIN argument to the setWiFiWpsConfig function within the cstecgi.cgi Setting Handler component. The vulnerability permits execution of arbitrary operating system commands, effectively granting an attacker the ability to run code on the device. The impact is the potential compromise of the router’s stability, confidentiality, and integrity, as attackers can administrate the device, alter configurations, or install further malware.

Affected Systems

This issue affects all devices identified as Totolink CA750‑PoE running firmware 6.2c.510. No additional version information is supplied, so earlier firmware revisions may also be susceptible depending on code similarity.

Risk and Exploitability

The problem can be triggered remotely through the web interface, meaning a threat actor does not need physical access. The CVSS score of 5.3 indicates a moderate‑level vulnerability; however, the EPSS score of 5% and absence from the KEV catalog provide no statistical data on current exploitation probabilities. Published exploits are available, so if the device is exposed to untrusted networks or remote management is enabled, the risk of a real‑world compromise is significant. The primary attack vector is through HTTP requests to the CGI script, typically reaching the router from outside the local network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Totolink

CA750-PoE

affected

Version	Status	Constraints
`6.2c.510`	affected	—

No data.

Vendor Product Confidence Versions

Totolink

Ca750-poe

90%

Version	Status	Scheme	Platform
`6.2c.510`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest vendor firmware upgrade that removes the command injection flaw.
If a patch is not yet available, restrict or disable remote management and WPS functionality, and block HTTP access to /cgi-bin/cstecgi.cgi via firewall rules.
Continuously monitor router logs for abnormal command execution attempts and review access control configurations to ensure only trusted IP ranges can reach the management interface.

Generated by OpenCVE AI on June 1, 2026 at 14:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.04841.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_57/57.md
https://vuldb.com/submit/813938
https://vuldb.com/vuln/365561
https://vuldb.com/vuln/365561/cti
https://www.totolink.net/

History

Tue, 26 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 May 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Title		Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection
First Time appeared		Totolink Totolink ca750-poe
Weaknesses		CWE-77 CWE-78
CPEs		cpe:2.3:a:totolink:ca750-poe::::::::
Vendors & Products		Totolink Totolink ca750-poe
References		https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_57/57.md https://vuldb.com/submit/813938 https://vuldb.com/vuln/365561 https://vuldb.com/vuln/365561/cti https://www.totolink.net/
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Totolink Ca750-poe

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-26T05:30:11.573Z

Updated: 2026-05-26T12:24:50.903Z

Reserved: 2026-05-25T19:44:16.865Z

Link: CVE-2026-9534

Vulnrichment

Updated: 2026-05-26T12:24:47.519Z

NVD

Status : Deferred

Published: 2026-05-26T07:16:19.897

Modified: 2026-05-26T18:59:55.850

Link: CVE-2026-9534

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T14:45:26Z

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object