CVE-2026-9511
6.3 MEDIUM
A vulnerability was identified in Totolink CA750-PoE 6.2c.510
Published: 2026-05-25 · Last updated: 2026-05-28
Severity and scoring
- CVSS: 6.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-77, CWE-78
Description
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to OS command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9511
- [Other] https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_49/49.md
- [Other] https://vuldb.com/submit/813922
- [Other] https://vuldb.com/vuln/365511
- [Other] https://vuldb.com/vuln/365511/cti
- [Other] https://www.totolink.net/
Related CVEs
Same CWE
- CVE-2026-22313 — The device has a webserver that exposes a REST API authenticated with a token on the management network (9.1 CRITICAL)
- CVE-2026-44932 — Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a ... (8.8 HIGH)
- CVE-2024-24909 — Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
- CVE-2026-12398 — A command injection vulnerability was found in galaxy_ng (7.5 HIGH)
- CVE-2026-5416 — Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command in... (8.8 HIGH)