CVE-2026-9513
Severity CVSS v4.0:
LOW
Type:
CWE-77
Command Injection
Publication date:
25/05/2026
Last modified:
26/05/2026
Description
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Impact
Base Score 4.0
2.10
Severity 4.0
LOW
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM



