Cyber Resilience

CVE-2026-0731

Medium · Public PoC

Published: 08 January 2026

Modified: 29 January 2026
KEV Added
Patch
CVSS Score v4: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0015 (35.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-0731 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Totolink Wa1200-Poe. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 35.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0731 is a null pointer dereference vulnerability (CWE-404, CWE-476) in TOTOLINK WA1200 firmware version 5.9c.2914. The flaw affects an unknown function within the cstecgi.cgi file of the HTTP Request Handler component.

The vulnerability enables remote exploitation without authentication or user interaction. Attackers with network access can trigger the issue, resulting in a denial-of-service condition through application crash, as reflected in its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Advisories note that the exploit has been publicly disclosed and may be used, with a proof-of-concept available in a GitHub repository linked in the references, alongside VulDB entries documenting the issue. No patches or specific mitigations are mentioned in the provided details.

EU & UK References

Vulnerability details

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A remote, unauthenticated null pointer dereference in the HTTP handler (cstecgi.cgi) directly enables exploitation of a public-facing application, resulting in an endpoint DoS via crash.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-8137 · Same vendor: Totolink
CVE-2025-8138 · Same vendor: Totolink
CVE-2025-2369 · Same vendor: Totolink
CVE-2025-1340 · Same vendor: Totolink
CVE-2025-8245 · Same vendor: Totolink
CVE-2025-11444 · Same vendor: Totolink
CVE-2025-70327 · Same vendor: Totolink
CVE-2025-8136 · Same vendor: Totolink
CVE-2025-8246 · Same vendor: Totolink
CVE-2025-8139 · Same vendor: Totolink

Affected Assets

totolink · wa1200-poe · all versions
totolink · wa1200-poe firmware · 5.9c.2914

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly protects against remote unauthenticated requests that trigger null pointer dereference crashes in the HTTP handler, mitigating the resulting DoS condition.

prevent: Requires validation of inputs to cstecgi.cgi to reject malformed requests that cause the null pointer dereference.

prevent: Ensures the HTTP Request Handler performs graceful error handling rather than crashing on null pointer dereference.

References