Command Injection Vulnerability in TOTOLINK CA300-POE by TOTOLINK
CVE-2025-44862
Currently unrated
What is CVE-2025-44862?
A command injection vulnerability exists in the recvUpgradeNewFw function of the TOTOLINK CA300-POE device. The function does not safely handle the fwUrl parameter, so an attacker can execute arbitrary commands on the device by sending a specially crafted request. Device users should be aware of this risk and take the necessary precautions to protect their network and devices.
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability reserved
