Command Injection Vulnerability in TOTOLINK CA600-PoE by TOTOLINK

CVE-2025-44846

What is CVE-2025-44846?

The TOTOLINK CA600-PoE contains a critical command injection flaw within the recvUpgradeNewFw function, specifically exploited through the fwUrl parameter. This security vulnerability enables attackers to send crafted requests that can lead to the execution of arbitrary system commands, potentially allowing unauthorized control over the device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References