Vulnerabilities ›

CVE-2026-9533

Medium

CWE-77 — Weakness Type

                    Published: May 26, 2026                      ·  Modified: May 29, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

🤖 AI Executive Summary

CVE-2026-9533 is a remote OS command injection vulnerability in Totolik CA750-PoE firmware version 6.2c.510 affecting the firmware upgrade function. Attackers can manipulate the fwUrl/magicid parameters to execute arbitrary commands on affected devices.

📄 Description (Arabic)

ثغرة في جهاز Totolik CA750-PoE تسمح بحقن أوامر نظام التشغيل عن بعد من خلال معالج ترقية البرامج الثابتة. يمكن للمهاجمين التلاعب بمعاملات fwUrl و magicid لتنفيذ أوامر تعسفية على الأجهزة المتأثرة. الاستغلال متاح للعامة ويشكل تهديداً فوري للبنية التحتية للشبكات.

🤖 ملخص تنفيذي (AI)

This vulnerability allows remote attackers to inject OS commands through the firmware upgrade handler in Totolik CA750-PoE devices. The flaw enables unauthorized command execution without authentication, posing significant risk to network infrastructure.

🤖 AI Intelligence Analysis Analyzed: May 27, 2026 11:08

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government energy banking

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1078

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Totolik CA750-PoE devices to firmware version newer than 6.2c.510. Restrict network access to the management interface using firewall rules. Disable remote firmware upgrade functionality if not required. Monitor for suspicious firmware upgrade attempts and implement network segmentation for IoT/networking devices.

🔧 خطوات المعالجة (العربية)

قم بتحديث أجهزة Totolik CA750-PoE إلى إصدار البرنامج الثابت الأحدث من 6.2c.510 فوراً. قيد الوصول إلى واجهة الإدارة باستخدام قواعد جدار الحماية. عطل وظيفة ترقية البرنامج الثابت عن بعد إن لم تكن مطلوبة. راقب محاولات ترقية البرنامج الثابت المريبة وطبق تقسيم الشبكة للأجهزة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.BE-5 PR.AC-1 PR.PT-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_56/56.md

cna@vuldb.com

🔗

https://vuldb.com/submit/813937

cna@vuldb.com

🔗

https://vuldb.com/vuln/365560

cna@vuldb.com

🔗

https://vuldb.com/vuln/365560/cti

cna@vuldb.com

🔗

https://www.totolink.net/

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-77

EPSS4.84%

Exploit No

Patch ✗ No

Published 2026-05-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9533

Introduce Yourself

Sign In Required