CVE-2023-24145: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

Affected

1 ranges

Vendor	Product	Version range	Fixed in
totolink	ca300-poe_firmware	—	—