CVE-2026-9532 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setUploadUserData FileName os command injection

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability was found in Totolink CA750-PoE 6.2c.510 and classified as critical. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection.

This vulnerability is listed as CVE-2026-9532. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-9532 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setUploadUserData FileName os command injection

Post correlati

CVE-2024-7744 | Progress WS_FTP Server up to 8.8.7 Web Transfer Module path traversal

CVE-2024-10929 | ARM Cortex-A72/Cortex-A73/Cortex-A75 prior r1p0 Privilege Escalation

CVE-2024-24213 | Supabase PostgreSQL 15.1 /pg_meta/default/query sql injection

CVE-2024-6350 | Silabs Simplicity SDK prior 2024.12.0 802.15.4 Packet buffer overflow