CVE-2026-9513 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time os command injection

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability classified as critical was found in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection.

This vulnerability is tracked as CVE-2026-9513. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-9513 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time os command injection

Post correlati

CVE-2026-33598 | PowerDNS DNSdist up to 1.9.12/2.0.3 Response getDomainListByAddress/getAddressListByDomain out-of-bounds

CVE-2025-14867 | liangshao Flashcard Plugin for WordPress up to 0.9 on WordPress Shortcode flashcard path traversal

CVE-2024-23874 | Cups Easy 1.0 URL companymodify.php cross site scripting

CVE-2025-22822 | Bishawjit Das wp custom countdown Plugin up to 2.8 on WordPress cross site scripting