CVE-2025-6621 - Totolink Ca300-poe Firmware
Critical 9.8
A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Affected software
Totolink Ca300-poe Firmware
Reference links
- https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md
- https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md
- https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc
- https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc
- https://vuldb.com/?ctiid.313839
- https://vuldb.com/?id.313839
- https://vuldb.com/?submit.602266
- https://www.totolink.net/