CVE-2026-9531 | Totolink CA750-PoE 6.2c.510 Setting /cgi-bin/cstecgi.cgi setUpgradeUboot FileName os command injection

A vulnerability has been found in Totolink CA750-PoE 6.2c.510 and classified as critical. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection.

This vulnerability is tracked as CVE-2026-9531. The attack is possible to be carried out remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More