CVE-2026-9533 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi recvUpgradeNewFw fwUrl/magicid os command injection

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability was found in Totolink CA750-PoE 6.2c.510. It has been classified as critical. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection.

This vulnerability is cataloged as CVE-2026-9533. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-9533 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi recvUpgradeNewFw fwUrl/magicid os command injection

Post correlati

CVE-2026-6799 | Comfast CF-N1-S 2.6.0.1 Endpoint mbox-config?method=SET&section=ping_config destination command injection

CVE-2024-32852 | Dell PowerScale OneFS up to 9.5.0.8/9.7.0.0 risky encryption (dsa-2024-255)

CVE-2024-11342 | Skt NURCaptcha Plugin up to 3.5.0 on WordPress cross site scripting

CVE-2024-12638 | Bulk Me Now Plugin up to 2.0 on WordPress cross site scripting