CVE-2026-0731

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md
Exploit
Third Party Advisory
https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md#poc
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.340128
Permissions Required
VDB Entry
https://vuldb.com/?id.340128
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.733249
Third Party Advisory
VDB Entry
https://www.totolink.net/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:totolink:wa1200-poe:*:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:totolink:wa1200-poe_firmware:5.9c.2914:*:*:*:*:*:*:*

cpe:2.3:h:totolink:wa1200-poe:*:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-404

CWE-476

Связанные уязвимости

GHSA-p562-m5vc-8p56

CVSS3: 5.3

github

29 дней назад

EPSS

Процентиль: 34%

0.00139

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-404

CWE-476