ID
VAR-202505-0405
CVE
CVE-2025-44846
TITLE
TOTOLINK of CA600-PoE Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of CA600-PoE Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | totolink | model: | ca600-poe | scope: | eq | version: | 5.3c.6665_b20180820* | Trust: 1.0 |
| vendor: | totolink | model: | ca600-poe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | ca600-poe | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | ca600-poe | scope: | eq | version: | ca600-poe firmware 5.3c.6665 b20180820* | Trust: 0.8 |
| vendor: | totolink | model: | ca600-poe v5.3c.6665 b20180820 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-44846 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2025-005556 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-12023 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/summermu/vulnforiot/tree/main/totolink_ca600-poe/recvupgradenewfw/readme.md | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-44846 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-12023 |
| db: | JVNDB | id: | JVNDB-2025-005556 |
| db: | NVD | id: | CVE-2025-44846 |
LAST UPDATE DATE
2025-06-12T02:19:43.199000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-12023 | date: | 2025-06-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005556 | date: | 2025-05-23T01:38:00 |
| db: | NVD | id: | CVE-2025-44846 | date: | 2025-05-22T15:31:42.890 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-12023 | date: | 2025-06-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005556 | date: | 2025-05-23T00:00:00 |
| db: | NVD | id: | CVE-2025-44846 | date: | 2025-05-01T17:15:50.917 |