Vulnerabilities ›

CVE-2026-9534

Medium

CWE-77 — Weakness Type

                    Published: May 26, 2026                      ·  Modified: May 29, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

🤖 AI Executive Summary

A critical command injection vulnerability exists in Totolik CA750-PoE router firmware version 6.2c.510 affecting the WiFi WPS configuration handler. An unauthenticated remote attacker can inject arbitrary OS commands via the PIN parameter, potentially gaining complete device control. This poses significant risk to Saudi organizations using this router model for network infrastructure.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 17:17

🇸🇦 Saudi Arabia Impact Assessment

High impact for Saudi telecommunications sector (STC, Mobily, Zain infrastructure), government agencies using Totolik equipment for network access points, and enterprise networks. Banking sector at moderate risk if routers used in branch connectivity. Healthcare facilities using this equipment for network infrastructure face potential data breach risks. Energy sector (ARAMCO) and critical infrastructure operators may have exposure if deployed in operational networks.

🏢 Affected Saudi Sectors

Telecommunications Government Banking Healthcare Energy Critical Infrastructure Enterprise Networks

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1548 - Abuse Elevation Control Mechanism T1021 - Remote Service Session Initiation T1133 - External Remote Services

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Totolik CA750-PoE devices running firmware 6.2c.510 in your network inventory

2. Isolate affected devices from critical network segments if possible

3. Disable WPS functionality immediately via device configuration

4. Restrict administrative access to router management interfaces (limit to specific IPs)

5. Monitor for suspicious access patterns to /cgi-bin/cstecgi.cgi endpoint



DETECTION:

- Monitor for HTTP POST requests to /cgi-bin/cstecgi.cgi with setWiFiWpsConfig parameter

- Alert on PIN parameter values containing shell metacharacters: |, ;, &, $, `, (, ), <, >

- Log all WPS configuration changes and administrative access



COMPENSATING CONTROLS:

- Implement network segmentation isolating router management traffic

- Deploy WAF rules blocking requests with command injection patterns to this endpoint

- Enable router access logs and forward to SIEM for analysis

- Implement network-based IDS/IPS signatures for this vulnerability



PATCHING:

- Contact Totolik support for firmware updates beyond 6.2c.510

- If no patch available, consider device replacement with alternative vendor equipment

- Test any firmware updates in isolated lab environment before production deployment

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Totolik CA750-PoE التي تعمل بالإصدار 6.2c.510 في جرد الشبكة

2. عزل الأجهزة المتأثرة عن أجزاء الشبكة الحرجة إن أمكن

3. تعطيل وظيفة WPS فوراً عبر إعدادات الجهاز

4. تقييد الوصول الإداري لواجهات إدارة جهاز التوجيه (تحديد عناوين IP محددة)

5. مراقبة أنماط الوصول المريبة إلى نقطة نهاية /cgi-bin/cstecgi.cgi



الكشف:

- مراقبة طلبات HTTP POST إلى /cgi-bin/cstecgi.cgi مع معامل setWiFiWpsConfig

- تنبيه على قيم معامل PIN التي تحتوي على أحرف shell: |، ;، &، $، `، (، )، <، >

- تسجيل جميع تغييرات إعدادات WPS والوصول الإداري



الضوابط البديلة:

- تنفيذ تقسيم الشبكة لعزل حركة إدارة جهاز التوجيه

- نشر قواعد WAF لحجب الطلبات التي تحتوي على أنماط حقن الأوامر

- تفعيل سجلات وصول جهاز التوجيه وإرسالها إلى SIEM

- تنفيذ توقيعات IDS/IPS القائمة على الشبكة لهذه الثغرة



التصحيح:

- الاتصال بدعم Totolik للحصول على تحديثات البرامج الثابتة بعد 6.2c.510

- إذا لم يكن هناك تصحيح متاح، فكر في استبدال الجهاز بمعدات من بائع بديل

- اختبر أي تحديثات برامج ثابتة في بيئة معملية معزولة قبل النشر الإنتاجي

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.8.1.1 - User access management A.12.2.1 - Change management procedures A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.RA-1 - Asset management and vulnerability identification PR.AC-1 - Access control and authentication DE.CM-8 - Vulnerability scans RS.MI-2 - Incident response and mitigation

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.12.2.1 - Change management A.5.2.1 - Information security responsibilities

🟣 PCI DSS v4.0.1

6.2 - Ensure security patches are installed 11.2 - Run automated vulnerability scans 2.2.4 - Configure system security parameters

🔗 References & Sources 5

🔗

https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_57/57.md

cna@vuldb.com

🔗

https://vuldb.com/submit/813938

cna@vuldb.com

🔗

https://vuldb.com/vuln/365561

cna@vuldb.com

🔗

https://vuldb.com/vuln/365561/cti

cna@vuldb.com

🔗

https://www.totolink.net/

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-77

EPSS4.84%

Exploit No

Patch ✗ No

Published 2026-05-26

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9534

Introduce Yourself

Sign In Required