CVE-2026-0731

MEDIUM

Totolink Wa1200-poe - NULL Pointer Dereference

Title source: rule

Description

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

References (6)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.340128

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.340128

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.733249

[Exploit, Third Party Advisory] https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md#poc

[Product] https://www.totolink.net/

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404 CWE-476

Status published

Products (2)

totolink/wa1200-poe

totolink/wa1200-poe_firmware 5.9c.2914

Published Jan 08, 2026

Tracked Since Feb 18, 2026