EUVD-2026-31762
GHSA-28vj-4cr8-q6x4
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-reachable, low-privilege authenticated attacker to execute arbitrary operating system commands by injecting shell metacharacters into the admuser or admpass arguments of the setPasswordCfg function within /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit has been published on GitHub, materially lowering the bar for exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be authenticated to the Totolink CA750-PoE web management interface with at least low-level privileges (confirmed by CVSS PR:L - unauthenticated exploitation is not indicated by available data). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.1 (Low) reflects conservative impact metrics (VC:L/VI:L/VA:L, SC:N/SI:N/SA:N) that appear inconsistent with an OS command injection on an embedded networking device, where such vulnerabilities typically yield full root shell access - defenders should not rely on this score alone. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a low-privilege account on the CA750-PoE management interface - through credential guessing, default credentials, or prior compromise - sends a crafted HTTP POST request to /cgi-bin/cstecgi.cgi invoking setPasswordCfg, with shell metacharacters embedded in the admuser or admpass field (e.g., admpass=password;id). The device firmware processes the input without sanitization, and the injected command executes in the context of the web server process. … |
| Remediation | No vendor-released patch has been identified at time of analysis; monitor the Totolink vendor site (https://www.totolink.net/) and VulDB (https://vuldb.com/vuln/365512) for patch availability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today