Totolink

Ca300-poe Firmware

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-6621

Exploit
  • EPSS 2.2%
  • Veröffentlicht 25.06.2025 18:15:25
  • Zuletzt bearbeitet 27.06.2025 18:10:30

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the...

9.8

CVE-2025-6620

Exploit
  • EPSS 2.2%
  • Veröffentlicht 25.06.2025 18:15:25
  • Zuletzt bearbeitet 27.06.2025 18:11:26

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attac...

9.8

CVE-2025-6619

Exploit
  • EPSS 2.2%
  • Veröffentlicht 25.06.2025 17:31:10
  • Zuletzt bearbeitet 27.06.2025 18:19:19

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. T...

9.8

CVE-2025-6618

Exploit
  • EPSS 2.2%
  • Veröffentlicht 25.06.2025 17:31:07
  • Zuletzt bearbeitet 27.06.2025 18:20:53

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to laun...

6.5

CVE-2025-44863

Exploit
  • EPSS 6.18%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 21.05.2025 19:47:06

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44862

Exploit
  • EPSS 8.02%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 21.05.2025 19:47:10

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44861

Exploit
  • EPSS 8.02%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 21.05.2025 19:47:17

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.5

CVE-2025-44860

Exploit
  • EPSS 6.18%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 21.05.2025 19:47:22

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

8.8

CVE-2024-7217

Exploit
  • EPSS 0.33%
  • Veröffentlicht 30.07.2024 05:15:09
  • Zuletzt bearbeitet 21.11.2024 09:51:06

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The at...

9.8

CVE-2023-24159

Exploit
  • EPSS 1.45%
  • Veröffentlicht 14.02.2023 15:15:11
  • Zuletzt bearbeitet 20.03.2025 18:15:16

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.