CVE-2023-24148: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

Affected

1 ranges

Vendor	Product	Version range	Fixed in
totolink	ca300-poe_firmware	—	—