ID
VAR-202505-1262
CVE
CVE-2025-44854
TITLE
TOTOLINK of cp900 Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLINK of cp900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK CP900 is a wireless router from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | totolink | model: | cp900 | scope: | eq | version: | 6.3c.1144_b20190715 | Trust: 1.0 |
| vendor: | totolink | model: | cp900 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | cp900 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | cp900 | scope: | eq | version: | cp900 firmware 6.3c.1144 b20190715 | Trust: 0.8 |
| vendor: | totolink | model: | cp900 v6.3c.1144 b20190715 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-44854 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2025-005541 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-11981 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/summermu/vulnforiot/tree/main/totolink_cp900/setupgradeuboot/readme.md | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-44854 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-11981 |
| db: | JVNDB | id: | JVNDB-2025-005541 |
| db: | NVD | id: | CVE-2025-44854 |
LAST UPDATE DATE
2025-06-12T02:27:52.732000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-11981 | date: | 2025-06-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005541 | date: | 2025-05-23T00:36:00 |
| db: | NVD | id: | CVE-2025-44854 | date: | 2025-05-22T15:32:20.913 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-11981 | date: | 2025-06-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005541 | date: | 2025-05-23T00:00:00 |
| db: | NVD | id: | CVE-2025-44854 | date: | 2025-05-01T14:15:45.593 |