VYPR

CA300-PoE

by Totolink

CVEs (24)

  • CVE-2025-6618 · Med · Jun 25, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to OS command injection. It is possible to launch the attack remotely. The…

  • CVE-2025-44862 · Med · May 1, 2025
    risk 0.41 · cvss 6.3 · epss 0.01

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44861 · Med · May 1, 2025
    risk 0.41 · cvss 6.3 · epss 0.01

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2024-7217 · Med · Jul 30, 2024
    risk 0.41 · cvss 6.3 · epss 0.07

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated…
