A vulnerability, which was classified as critical , was found in Totolink CA750-PoE 6.2c.510 . The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler . The manipulation of the argument plugin_version results in os command injection. This vulnerability is cataloged as CVE-2026-9515 . The attack may be launched remotely. Furthermore, there is an exploit available.