CVE-2026-9512 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setPasswordCfg admuser/admpass os command injection

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability classified as critical has been found in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection.

This vulnerability is identified as CVE-2026-9512. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-9512 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setPasswordCfg admuser/admpass os command injection

Post correlati

CVE-2025-49852 | ControlID iDSecure On-premises up to 4.7.48.0 server-side request forgery (icsa-25-175-05)

CVE-2024-23091 | HotelDruid up to 1.31 funzioni.php weak password hash

CVE-2025-59102 | Dormakaba Access Manager 92xx-k5 SOAP API backup cleartext storage

CVE-2024-1011 | SourceCodester Employee Management System 1.0 Leave delete-leave.php id access control