CVE-2026-9532 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setUploadUserData FileName os command injection

A vulnerability was found in Totolink CA750-PoE 6.2c.510 and classified as critical. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection.

This vulnerability is listed as CVE-2026-9532. The attack may be performed from remote. In addition, an exploit is available.VulDB Recent EntriesRead More