EUVD-2026-31794
GHSA-mcj4-p9r9-g5ph
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
AnalysisAI
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary shell commands by manipulating the FileName argument passed to the setUploadUserData function within the /cgi-bin/cstecgi.cgi Setting Handler. A public proof-of-concept exploit is available on GitHub, meaningfully lowering the skill barrier for adversaries. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold at least low-privilege authenticated access to the Totolink CA750-PoE web administration interface, confirmed by CVSS PR:L - unauthenticated exploitation is not supported by the available vector data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.1 is anomalously low for an OS command injection vulnerability and warrants scrutiny - it appears to be driven by the limited per-target impact ratings (VC:L/VI:L/VA:L) and the absence of subsequent system scope (SC:N/SI:N/SA:N), possibly reflecting conservative scoping of a single embedded device rather than broader infrastructure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege credentials to the Totolink CA750-PoE web administration interface - whether via default credentials, credential reuse, or prior compromise - sends a crafted HTTP POST request to /cgi-bin/cstecgi.cgi targeting the setUploadUserData function, embedding shell metacharacters (e.g., a semicolon-delimited command) within the FileName parameter value. The device's CGI handler passes the unsanitized filename directly to a shell command, causing the injected payload to execute with the privileges of the web server process on the embedded Linux system. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the NVD CPE entry uses a wildcard version range and no fix version appears in the VulDB advisory (https://vuldb.com/vuln/365559) or any other referenced source, so patch status is unknown rather than confirmed unavailable. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today