CVE-2026-9514 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setNetworkDiag os command injection

A vulnerability, which was classified as critical, has been found in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker/so we can control the NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop leads to os command injection.

This vulnerability is listed as CVE-2026-9514. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-9514 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setNetworkDiag os command injection

Post correlati

CVE-2024-54113 | Huawei HarmonyOS 5.0.0 Print Module denial of service

CVE-2023-50212 | D-Link G416 httpd information disclosure (ZDI-23-1828)

CVE-2024-21098 | Oracle GraalVM Compiler denial of service

CVE-2023-42137 | PAX Technology symlink