
Totolink CA750-PoE EUVD-2026-31789

CVE-2026-9531 · LOW
OS Command Injection (CWE-78)
2026-05-26 · VulDB · GHSA-x42p-x8wg-p438
Score: 2.1 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Jun 08, 2026 13:40 · Analysis generated (vuln.today)
  • May 26, 2026 19:07 · Severity changed: MEDIUM → LOW (NVD)
  • May 26, 2026 19:07 · CVSS changed: 6.3 (MEDIUM) → 2.1 (LOW) (NVD)

Description (CVE.org)

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Manipulation of the argument FileName causes OS command injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Analysis (AI)

OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-adjacent authenticated attacker to execute arbitrary operating system commands by manipulating the FileName argument passed to the setUpgradeUboot function within the /cgi-bin/cstecgi.cgi Setting Handler. Publicly available exploit code exists, hosted on GitHub, making exploitation accessible to low-skilled attackers. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain low-privileged device credentials
  • Delivery: Send crafted HTTP POST to /cgi-bin/cstecgi.cgi
  • Exploit: Inject shell metacharacters in FileName parameter
  • Execution: setUpgradeUboot passes unsanitized input to OS call
  • Impact: Arbitrary commands execute on router firmware

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to hold at minimum low-privileged credentials on the device's web management interface, as confirmed by the CVSS 4.0 PR:L metric. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 base score of 2.1 is strikingly low for an OS command injection finding and warrants explicit scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained low-privileged credentials to the Totolink CA750-PoE web interface, whether through default credential guessing, credential reuse, or prior compromise, sends a crafted HTTP request to /cgi-bin/cstecgi.cgi targeting the setUpgradeUboot function with a malicious FileName value containing shell metacharacters (e.g., a semicolon followed by a command). The firmware processes this parameter without sanitization and passes it to an OS-level call, executing the injected command in the context of the CGI process. …

Remediation: No vendor-released patch has been identified at time of analysis; no Totolink security bulletin or fixed firmware version appears in the available references. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.


EUVD-2026-31789 vulnerability details – vuln.today
