Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Manipulation of the argument host_time can lead to OS command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Analysis (AI)
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a low-privileged remote attacker to execute arbitrary system commands on the device by manipulating the host_time argument passed to the NTPSyncWithHost function within the CGI-based Setting Handler. A public proof-of-concept exploit is available on GitHub, lowering the bar for exploitation. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires low-privilege authenticated access to the Totolink CA750-PoE management web interface: the CVSS 4.0 vector specifies PR:L (low privileges required), confirming that some level of authentication is needed and ruling out fully unauthenticated attacks. … |
| Risk Assessment | The CVSS 4.0 score of 2.1 is strikingly low for an OS command injection and warrants independent scrutiny: the vector indicates network-reachable (AV:N), low complexity (AC:L), no special conditions (AT:N), and no user interaction (UI:N), all of which normally drive scores significantly higher. … |
| Exploit Scenario | An attacker with low-privilege access to the Totolink CA750-PoE management interface (e.g., a guest credential, or a default or weak password) sends a crafted HTTP POST request to /cgi-bin/cstecgi.cgi, injecting shell metacharacters into the host_time parameter during an NTP sync operation, for example by appending '; <malicious_command>' to the argument. The firmware's NTPSyncWithHost function passes this value unsanitized to a shell command, executing attacker-controlled OS commands on the device. … |
| Remediation | No vendor-released patch has been identified at the time of analysis: the Totolink website reference in this CVE does not point to a specific advisory or patched firmware. … |
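The assessment above describes the defect only in prose (a request parameter reaches a shell command unsanitized). The following C example is added here to make the pattern and its fix concrete; it is not Totolink firmware code and not vuln.today's analysis. The function names (build_ntp_command_unsafe, validate_host_time, ntp_sync_safe), the assumption that host_time carries a "YYYY-MM-DD HH:MM:SS" timestamp, and the use of `date -s` as the underlying command are all hypothetical choices made for illustration. The unsafe builder only constructs the command string and never runs it; the hardened path rejects anything outside the expected format and, even then, executes without a shell so metacharacters are never interpreted.

```c
/* Added example, not firmware code: vulnerable string-building pattern
 * beside a hardened handler for an NTP "host_time" parameter.
 * All names and the timestamp format are hypothetical assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdbool.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE PATTERN: the untrusted parameter is interpolated straight into
 * a shell command line. Anything after ';' or '|' becomes a second command
 * once handed to system()/popen(). This function only builds the string so
 * the defect can be inspected; it deliberately never executes it. */
int build_ntp_command_unsafe(const char *host_time, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "date -s \"%s\"", host_time);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* HARDENED CHECK: allow-list validation. host_time must match exactly
 * "YYYY-MM-DD HH:MM:SS" (assumed format). Shell metacharacters, newlines,
 * extra length, or a missing digit all fail the check. */
bool validate_host_time(const char *s)
{
    const char *pattern = "dddd-dd-dd dd:dd:dd"; /* 'd' = digit, rest literal */
    size_t len = strlen(pattern);
    if (strlen(s) != len)
        return false;
    for (size_t i = 0; i < len; i++) {
        if (pattern[i] == 'd') {
            if (!isdigit((unsigned char)s[i]))
                return false;
        } else if (s[i] != pattern[i]) {
            return false;
        }
    }
    return true;
}

/* HARDENED EXECUTION: validate first, then exec with an argv array and no
 * shell. The value is passed as one argument, so even a character that
 * slipped past validation would never be parsed as command syntax.
 * Returns the child's exit status, or -1 on rejection/failure.
 * (Setting the clock needs CAP_SYS_TIME; a normal test never reaches exec.) */
int ntp_sync_safe(const char *host_time)
{
    if (!validate_host_time(host_time))
        return -1;                       /* reject before any process is spawned */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/date", "date", "-s", host_time, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs: one benign timestamp, one with a trailing
     * injected command separator. */
    const char *benign = "2026-01-01 00:00:00";
    const char *tainted = "2026-01-01 00:00:00; echo injected";
    char cmd[128];

    build_ntp_command_unsafe(tainted, cmd, sizeof cmd);
    printf("unsafe builder would run: %s\n", cmd);   /* shows ';' survives */
    printf("validate(benign)  = %d\n", validate_host_time(benign));   /* 1 */
    printf("validate(tainted) = %d\n", validate_host_time(tainted));  /* 0 */
    printf("ntp_sync_safe(tainted) = %d\n", ntp_sync_safe(tainted)); /* -1 */
    return 0;
}
```

The detection angle follows directly from the validator: any host_time value in CGI access logs that is not exactly nineteen characters of digits and separators is worth an alert, and the exec-without-shell path means a compensating control on a device that cannot yet be patched is to front the management interface with a proxy that enforces the same allow-list.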
Related identifiers: EUVD-2026-31768, GHSA-cj6j-82gg-5fpg