CVE-2026-9512

Severity CVSS v4.0:
LOW
Type:
CWE-77 Command Injection
Publication date:
25/05/2026
Last modified:
26/05/2026

Description

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.