CVE-2026-0731
Null Pointer Dereference in TOTOLINK WA1200 HTTP Request Handler
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | wa1200 | 5.9c.2914 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the TOTOLINK WA1200 device, specifically in an unknown function within the file cstecgi.cgi of the HTTP Request Handler component. It allows a remote attacker to cause a null pointer dereference, which can lead to a denial of service or crash of the device. The exploit has been publicly disclosed and can be executed remotely without authentication.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a remote attacker to cause a denial of service on the TOTOLINK WA1200 device, potentially disrupting network connectivity or device availability. Since it leads to a null pointer dereference, it may cause the device to crash or become unresponsive.