Command Injection Vulnerability in TOTOLINK CA600-PoE by TOTOLINK
CVE-2025-44846
Currently unrated
What is CVE-2025-44846?
The TOTOLINK CA600-PoE contains a critical command injection flaw within the recvUpgradeNewFw function, specifically exploited through the fwUrl parameter. This security vulnerability enables attackers to send crafted requests that can lead to the execution of arbitrary system commands, potentially allowing unauthorized control over the device.