Command Injection Vulnerability in TOTOLINK CPE CP900 by TOTOLINK

CVE-2025-44836

What is CVE-2025-44836?

The TOTOLINK CPE CP900 device, specifically version V6.3c.1144_B20190715, has been identified with a vulnerability that allows for command injection through the setApRebootScheCfg function. By manipulating the hour or minute parameters in requests, attackers can execute arbitrary commands on the device. This poses significant security risks, potentially allowing unauthorized access and control over the affected devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References