CVE-2026-9515 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setUnloadUserData plugin_version os command injection

A vulnerability, which was classified as critical, was found in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection.

This vulnerability is cataloged as CVE-2026-9515. The attack may be launched remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More