ID

VAR-202506-1367


CVE

CVE-2025-6618


TITLE

TOTOLINK CA300-PoE firmware command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-008009

DESCRIPTION

A vulnerability was found in TOTOLINK CA300-PoE firmware 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings in the file wps.so. Manipulation of the argument PIN leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

The TOTOLINK CA300-PoE firmware contains an OS command injection vulnerability (CWE-78). An attacker may obtain information, tamper with information, or interrupt service operation (DoS).

TOTOLINK CA300-PoE is a wireless access point made by TOTOLINK Electronics of China. The vulnerability exists because the PIN parameter handled by wps.so is not filtered for shell special characters and commands before it is placed into a constructed command. An attacker can exploit this to execute arbitrary commands.

Note that the sources on this page disagree on the privileges needed: the CNA (VulDB) vector requires low privileges (CVSS 3.1 PR:L, 6.3 Medium), whereas the NVD vector is unauthenticated (PR:N, 9.8 Critical). The entries here do not resolve which is correct, so treat the device as exposed if its management interface is reachable at all.

Trust: 2.16

sources: NVD: CVE-2025-6618 // JVNDB: JVNDB-2025-008009 // CNVD: CNVD-2025-14228
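The description above names only the sink (an unfiltered PIN reaching an OS command inside wps.so); it does not show the handler code or which helper binary is run. The following is an added illustrative example of that CWE-78 pattern and its hardened form, not the TOTOLINK code: the wpa_cli command, buffer size, and the helper names build_wps_cmd_unsafe, wps_pin_is_valid, set_wps_pin_safe and safe_argv_pin are all assumptions. It goes one step beyond the page by validating the PIN against the WPS 8-digit checksum rule before it is used, and by passing the PIN as a single argv element rather than through a shell.

```c
/*
 * Illustrative CWE-78 pattern for a WPS "set PIN" handler and its hardened form.
 * Added example, NOT the TOTOLINK wps.so code: the page only states that the PIN
 * argument of SetWLanApcliSettings reaches an OS command unfiltered. The command
 * name (wpa_cli), buffer size and function names below are assumptions.
 */
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 256

/* --- Vulnerable pattern ------------------------------------------------- */

/* Builds the shell command string the way an unfiltered handler would: the
 * client-supplied PIN is spliced into a string that is then handed to
 * system()/popen(). Returns a static buffer so the result can be inspected
 * without executing anything. */
const char *build_wps_cmd_unsafe(const char *pin)
{
    static char cmd[CMD_MAX];
    /* "wpa_cli" is a placeholder for whatever helper the firmware calls. */
    snprintf(cmd, sizeof cmd, "wpa_cli wps_pin any %s", pin);
    return cmd;   /* a caller doing system(cmd) here is the CWE-78 sink */
}

/* --- Hardened pattern --------------------------------------------------- */

/* WPS PINs are 4 or 8 decimal digits; an 8-digit PIN carries a checksum digit
 * (Wi-Fi Simple Configuration): (3*(d1+d3+d5+d7) + d2+d4+d6+d8) % 10 == 0.
 * Allow-list validation: anything that is not exactly that is rejected before
 * it can reach any command. */
int wps_pin_is_valid(const char *pin)
{
    size_t len = strlen(pin);
    if (len != 4 && len != 8)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isdigit((unsigned char)pin[i]))
            return 0;
    if (len == 4)
        return 1;               /* 4-digit PINs carry no checksum */
    int acc = 0;
    for (size_t i = 0; i < 8; i++) {
        int d = pin[i] - '0';
        acc += (i % 2 == 0) ? 3 * d : d;   /* d1,d3,d5,d7 are weighted 3 */
    }
    return acc % 10 == 0;
}

/* Argument vector for an execv()-style call: the PIN is one argv element and
 * is never interpreted by a shell, so metacharacters cannot alter the command
 * even if validation were somehow bypassed. Static so tests can inspect it. */
static const char *g_argv[5];

/* Returns 0 and fills the argv on success, -1 if the PIN is rejected. */
int set_wps_pin_safe(const char *pin)
{
    if (!wps_pin_is_valid(pin))
        return -1;
    g_argv[0] = "wpa_cli";      /* placeholder helper, see note above */
    g_argv[1] = "wps_pin";
    g_argv[2] = "any";
    g_argv[3] = pin;
    g_argv[4] = NULL;
    /* real code: fork() and execv("/usr/sbin/wpa_cli", (char *const *)g_argv) */
    return 0;
}

const char *safe_argv_pin(void) { return g_argv[3]; }

int main(void)
{
    /* constructed inputs: a checksum-valid PIN and one carrying a shell metacharacter */
    const char *good = "12345670";
    const char *bad  = "12345670;reboot";
    printf("unsafe command built for bad PIN: %s\n", build_wps_cmd_unsafe(bad));
    printf("safe handler accepts good PIN: %d\n", set_wps_pin_safe(good) == 0);
    printf("safe handler rejects bad PIN:  %d\n", set_wps_pin_safe(bad) == -1);
    return 0;
}
```

The unsafe builder shows the whole attacker-controlled string, metacharacters included, surviving into the command; the hardened path rejects it at validation and, independently, would never let a shell parse it. Both controls are worth keeping: the allow-list is the fix, the exec-without-shell is the defence in depth.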

IOT TAXONOMY

category: Network device; sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14228

AFFECTED PRODUCTS

vendor: totolink; model: ca300-poe; scope: eq; version: 6.2c.884

Trust: 1.0

vendor: totolink; model: ca300-poe; scope: -; version: -

Trust: 0.8

vendor: totolink; model: ca300-poe; scope: eq; version: -

Trust: 0.8

vendor: totolink; model: ca300-poe; scope: eq; version: ca300-poe firmware 6.2c.884

Trust: 0.8

vendor: totolink; model: ca300-poe 6.2c.884; scope: -; version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14228 // JVNDB: JVNDB-2025-008009 // NVD: CVE-2025-6618

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6618
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-6618
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-008009
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-14228
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-6618
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008009
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14228
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6618
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-6618
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-008009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14228 // JVNDB: JVNDB-2025-008009 // NVD: CVE-2025-6618

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008009 // NVD: CVE-2025-6618

EXTERNAL IDS

db: NVD; id: CVE-2025-6618

Trust: 3.2

db: VULDB; id: 313836

Trust: 1.8

db: JVNDB; id: JVNDB-2025-008009

Trust: 0.8

db: CNVD; id: CNVD-2025-14228

Trust: 0.6

sources: CNVD: CNVD-2025-14228 // JVNDB: JVNDB-2025-008009 // NVD: CVE-2025-6618

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md

Trust: 2.4

url:https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc

Trust: 1.8

url:https://vuldb.com/?id.313836

Trust: 1.8

url:https://vuldb.com/?submit.602263

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.313836

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6618

Trust: 0.8

sources: CNVD: CNVD-2025-14228 // JVNDB: JVNDB-2025-008009 // NVD: CVE-2025-6618

SOURCES

db: CNVD; id: CNVD-2025-14228
db: JVNDB; id: JVNDB-2025-008009
db: NVD; id: CVE-2025-6618

LAST UPDATE DATE

2025-07-06T23:44:13.663000+00:00


SOURCES UPDATE DATE

db: CNVD; id: CNVD-2025-14228; date: 2025-06-27T00:00:00
db: JVNDB; id: JVNDB-2025-008009; date: 2025-07-04T07:59:00
db: NVD; id: CVE-2025-6618; date: 2025-06-27T18:20:53.133

SOURCES RELEASE DATE

db: CNVD; id: CNVD-2025-14228; date: 2025-06-27T00:00:00
db: JVNDB; id: JVNDB-2025-008009; date: 2025-07-04T00:00:00
db: NVD; id: CVE-2025-6618; date: 2025-06-25T18:15:24.757