CVE-2026-9511
Published: 25 May 2026
Summary
CVE-2026-9511 is a low-severity Command Injection (CWE-77) vulnerability in Totolink CA750-PoE (inferred from references). Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 11.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31760
Vulnerability details
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack…
more
remotely. The exploit is publicly available and might be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in the web management interface (cgi-bin) of a network device directly enables remote exploitation of a public-facing application.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.