Ca750 Poe
Monthly
OS command injection in Totolink CA750-PoE 6.2c.510 allows a low-privileged remote attacker to execute arbitrary operating system commands by manipulating the PIN argument passed to the setWiFiWpsConfig function within /cgi-bin/cstecgi.cgi. The attack requires no user interaction and is reachable over the network, making it a credible threat to any deployment exposing the device's management interface. A public proof-of-concept exploit has been published on GitHub, and EPSS places this at the 87th percentile of exploitation likelihood despite a low raw CVSS 4.0 score of 2.1 - a signal worth noting against the mismatch.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 enables remote attackers with low-level credentials to execute arbitrary operating system commands via the fwUrl and magicid parameters of the recvUpgradeNewFw function within /cgi-bin/cstecgi.cgi. The firmware upgrade Setting Handler fails to sanitize user-supplied input before passing it to the underlying OS shell, exposing the device to command execution. A public proof-of-concept exploit is available on GitHub; while not yet listed in CISA KEV, the EPSS 87th-percentile ranking signals elevated real-world exploitation interest relative to the broader vulnerability landscape.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary shell commands by manipulating the FileName argument passed to the setUploadUserData function within the /cgi-bin/cstecgi.cgi Setting Handler. A public proof-of-concept exploit is available on GitHub, meaningfully lowering the skill barrier for adversaries. While not listed in CISA KEV, the EPSS score of 2.95% at the 87th percentile signals real-world exploitation probability well above average, making this a higher practical risk than the CVSS 4.0 base score of 2.1 alone would suggest.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-adjacent authenticated attacker to execute arbitrary operating system commands by manipulating the FileName argument passed to the setUpgradeUboot function within the /cgi-bin/cstecgi.cgi Setting Handler. Publicly available exploit code exists, hosted on GitHub, making exploitation accessible to low-skilled attackers. No public exploit identified in CISA KEV at time of analysis, though the EPSS 87th percentile ranking signals elevated exploitation interest relative to the broader CVE population despite a low absolute probability of 2.95%.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a remote, low-privileged attacker to execute arbitrary operating system commands on the device by manipulating the plugin_version parameter in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit exists on GitHub, and the EPSS percentile (87th) indicates this CVE carries meaningfully higher exploitation likelihood than the majority of published vulnerabilities despite its low CVSS 4.0 base score of 2.1. No public exploit identified as actively exploited (CISA KEV), but POC availability on a network-accessible embedded device warrants prompt attention in exposed deployments.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary operating system commands by manipulating network diagnostic parameters in the device's CGI handler. The vulnerable function setNetworkDiag, reachable at /cgi-bin/cstecgi.cgi, passes attacker-controlled values for NetDiagHost, NetDiagPingNum, NetDiagPingSize, NetDiagPingTimeOut, and NetDiagTracertHop directly into OS command execution without sanitization. A public proof-of-concept exploit exists on GitHub; the EPSS score of 2.95% at the 87th percentile indicates elevated exploitation likelihood relative to the broader CVE population, though SSVC assessment rates the attack as not automatable.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a low-privileged remote attacker to execute arbitrary system commands on the device by manipulating the host_time argument passed to the NTPSyncWithHost function within the CGI-based Setting Handler. A public proof-of-concept exploit is available on GitHub, lowering the bar for exploitation. Despite being an OS command injection - a class of vulnerability typically associated with high-severity scores - the vendor CVSS 4.0 score of 2.1 reflects unusually low impact ratings (VC:L/VI:L/VA:L) that security teams should independently verify, as the 87th-percentile EPSS score signals that this CVE's characteristics are consistent with real-world exploitation interest.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-reachable, low-privilege authenticated attacker to execute arbitrary operating system commands by injecting shell metacharacters into the admuser or admpass arguments of the setPasswordCfg function within /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit has been published on GitHub, materially lowering the bar for exploitation. No vendor-released patch has been identified at time of analysis, leaving affected deployments dependent on compensating controls.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the webWlanIdx argument within the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. A publicly available proof-of-concept exploit hosted on GitHub exists, materially lowering the skill threshold for exploitation despite the low CVSS 4.0 score of 2.1. No public exploit identified at time of analysis as confirmed actively exploited (CISA KEV), but EPSS places this at the 85th percentile, signaling elevated exploitation likelihood relative to the broader CVE population.
OS command injection in Totolink CA750-PoE 6.2c.510 allows a low-privileged remote attacker to execute arbitrary operating system commands by manipulating the PIN argument passed to the setWiFiWpsConfig function within /cgi-bin/cstecgi.cgi. The attack requires no user interaction and is reachable over the network, making it a credible threat to any deployment exposing the device's management interface. A public proof-of-concept exploit has been published on GitHub, and EPSS places this at the 87th percentile of exploitation likelihood despite a low raw CVSS 4.0 score of 2.1 - a signal worth noting against the mismatch.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 enables remote attackers with low-level credentials to execute arbitrary operating system commands via the fwUrl and magicid parameters of the recvUpgradeNewFw function within /cgi-bin/cstecgi.cgi. The firmware upgrade Setting Handler fails to sanitize user-supplied input before passing it to the underlying OS shell, exposing the device to command execution. A public proof-of-concept exploit is available on GitHub; while not yet listed in CISA KEV, the EPSS 87th-percentile ranking signals elevated real-world exploitation interest relative to the broader vulnerability landscape.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary shell commands by manipulating the FileName argument passed to the setUploadUserData function within the /cgi-bin/cstecgi.cgi Setting Handler. A public proof-of-concept exploit is available on GitHub, meaningfully lowering the skill barrier for adversaries. While not listed in CISA KEV, the EPSS score of 2.95% at the 87th percentile signals real-world exploitation probability well above average, making this a higher practical risk than the CVSS 4.0 base score of 2.1 alone would suggest.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-adjacent authenticated attacker to execute arbitrary operating system commands by manipulating the FileName argument passed to the setUpgradeUboot function within the /cgi-bin/cstecgi.cgi Setting Handler. Publicly available exploit code exists, hosted on GitHub, making exploitation accessible to low-skilled attackers. No public exploit identified in CISA KEV at time of analysis, though the EPSS 87th percentile ranking signals elevated exploitation interest relative to the broader CVE population despite a low absolute probability of 2.95%.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a remote, low-privileged attacker to execute arbitrary operating system commands on the device by manipulating the plugin_version parameter in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit exists on GitHub, and the EPSS percentile (87th) indicates this CVE carries meaningfully higher exploitation likelihood than the majority of published vulnerabilities despite its low CVSS 4.0 base score of 2.1. No public exploit identified as actively exploited (CISA KEV), but POC availability on a network-accessible embedded device warrants prompt attention in exposed deployments.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary operating system commands by manipulating network diagnostic parameters in the device's CGI handler. The vulnerable function setNetworkDiag, reachable at /cgi-bin/cstecgi.cgi, passes attacker-controlled values for NetDiagHost, NetDiagPingNum, NetDiagPingSize, NetDiagPingTimeOut, and NetDiagTracertHop directly into OS command execution without sanitization. A public proof-of-concept exploit exists on GitHub; the EPSS score of 2.95% at the 87th percentile indicates elevated exploitation likelihood relative to the broader CVE population, though SSVC assessment rates the attack as not automatable.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a low-privileged remote attacker to execute arbitrary system commands on the device by manipulating the host_time argument passed to the NTPSyncWithHost function within the CGI-based Setting Handler. A public proof-of-concept exploit is available on GitHub, lowering the bar for exploitation. Despite being an OS command injection - a class of vulnerability typically associated with high-severity scores - the vendor CVSS 4.0 score of 2.1 reflects unusually low impact ratings (VC:L/VI:L/VA:L) that security teams should independently verify, as the 87th-percentile EPSS score signals that this CVE's characteristics are consistent with real-world exploitation interest.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows a network-reachable, low-privilege authenticated attacker to execute arbitrary operating system commands by injecting shell metacharacters into the admuser or admpass arguments of the setPasswordCfg function within /cgi-bin/cstecgi.cgi. A public proof-of-concept exploit has been published on GitHub, materially lowering the bar for exploitation. No vendor-released patch has been identified at time of analysis, leaving affected deployments dependent on compensating controls.
OS command injection in Totolink CA750-PoE firmware 6.2c.510 allows authenticated remote attackers to execute arbitrary OS commands by manipulating the webWlanIdx argument within the setWebWlanIdx function of /cgi-bin/cstecgi.cgi. A publicly available proof-of-concept exploit hosted on GitHub exists, materially lowering the skill threshold for exploitation despite the low CVSS 4.0 score of 2.1. No public exploit identified at time of analysis as confirmed actively exploited (CISA KEV), but EPSS places this at the 85th percentile, signaling elevated exploitation likelihood relative to the broader CVE population.