Command Injection Vulnerability in TOTOLINK CPE CP900

CVE-2025-44837

What is CVE-2025-44837?

The TOTOLINK CPE CP900 product version V6.3c.1144_B20190715 is susceptible to a command injection issue within the CloudSrvUserdataVersionCheck function. This vulnerability arises from improper validation of input parameters, specifically 'url' or 'magicid'. Malicious actors can exploit this flaw to execute arbitrary commands on the device through specially crafted requests, potentially compromising device integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References