Home

Description

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

PUBLISHED Reserved 2026-01-08 | Published 2026-01-08 | Updated 2026-01-09 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:R
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:R
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:W/RC:UR

Problem types

NULL Pointer Dereference

Denial of Service

Product status

5.9c.2914
affected

Timeline

2026-01-08:Advisory disclosed
2026-01-08:VulDB entry created
2026-01-08:VulDB entry last update

Credits

JackWesley (VulDB User) reporter

References

vuldb.com/?id.340128 (VDB-340128 | TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference) vdb-entry

vuldb.com/?ctiid.340128 (VDB-340128 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.733249 (Submit #733249 | TOTOLINK WA1200 V5.9c.2914 NULL Pointer Dereference) third-party-advisory

github.com/...1200 NULL Pointer Dereference Vulnerability.md related

github.com/...1200 NULL Pointer Dereference Vulnerability.md exploit

www.totolink.net/ product

cve.org (CVE-2026-0731)

nvd.nist.gov (CVE-2026-0731)

Download JSON