CVE-2026-9534— Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection
Possible ATT&CK Techniques 3AI
T1105 · Ingress Tool Transfer T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9534
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9534
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9534
请登录查看更多情报信息。
Other References for CVE-2026-9534 (1)
Same Patch Batch · Totolink · 2026-05-26 · 5 CVEs total
| CVE-2026-9543 | 9.8 CRITICAL | Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection |
| CVE-2026-9533 | 6.3 MEDIUM | Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os command injection |
| CVE-2026-9532 | 6.3 MEDIUM | Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection |
| CVE-2026-9531 | 6.3 MEDIUM | Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection |
IV. Related Vulnerabilities
Same product: CA750-PoE
- CVE-2026-9533
Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os c - CVE-2026-9532
Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os - CVE-2026-9531
Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os co - CVE-2026-9515
Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os - CVE-2026-9514
Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os com
Same vendor: Totolink
- CVE-2026-9543
Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os - CVE-2026-9533
Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os c - CVE-2026-9532
Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os - CVE-2026-9531
Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os co - CVE-2026-9515
Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os
Same weakness: CWE-78
- CVE-2026-45322
OS Command Injection in Microsoft UFO Shell Action Replay vi - CVE-2026-45152
uniget: Command Injection in tool.Check Leading to Arbitrary - CVE-2026-9208
Tanium addressed an unauthorized code execution vulnerabilit - CVE-2026-45136
claude-code-cache-fix: Local code execution via Python tripl - CVE-2026-44712
pam_usb: Shell injection via device UUID and username in pam
V. Comments for CVE-2026-9534
No comments yet