EUVD-2026-31760
GHSA-wv96-774q-mh29
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
AnalysisAI
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the webWlanIdx argument within the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. A publicly available proof-of-concept exploit hosted on GitHub exists, materially lowering the skill threshold for exploitation despite the low CVSS 4.0 score of 2.1. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The web management interface endpoint /cgi-bin/cstecgi.cgi must be reachable from the attacker's network position - either via local LAN access or, if the management interface is exposed to the internet (common with misconfigured SOHO devices), remotely over the public internet. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.1 is anomalously low for a remotely exploitable OS command injection with a public PoC - this disparity warrants explicit scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privilege credentials to the CA750-PoE web management interface - either through credential stuffing against default credentials or prior reconnaissance - sends a crafted HTTP POST request to /cgi-bin/cstecgi.cgi with a webWlanIdx parameter containing shell metacharacters such as semicolons, backticks, or pipe characters. The setWebWlanIdx handler processes the input without sanitization and passes it directly into an OS-level command, executing the attacker's injected payload with the privileges of the CGI web server process. … |
| Remediation | No vendor-released patch has been identified in the available data - no fix version or Totolink security advisory was found among the provided references, so patch availability is unconfirmed at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today