Command Injection Vulnerability in TOTOLINK CA300-POE by TOTOLINK
CVE-2025-44862
Currently unrated
What is CVE-2025-44862?
A command injection vulnerability exists in the TOTOLINK CA300-POE device, in the recvUpgradeNewFw function. An attacker can exploit the fwUrl parameter to execute arbitrary commands through a specially crafted request. Device users should be aware of this security risk and take necessary precautions to protect their network and devices.

References
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved
