CVE-2026-0731

MEDIUM 5.3

TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

CWE	CWE-476 CWE-404
Vendor	totolink
Product	wa1200
Published	Jan 8, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for totolink wa1200

Be the first to know when new medium vulnerabilities affecting totolink wa1200 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:W/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

TOTOLINK / WA1200

5.9c.2914

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.340128 vuldb.com: https://vuldb.com/?ctiid.340128 vuldb.com: https://vuldb.com/?submit.733249 github.com: https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md github.com: https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md#poc totolink.net: https://www.totolink.net/

Credits

🔍 JackWesley (VulDB User)