CVE-2025-6618

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ca300-poeTotolink Ca300-poe Firmware
Timeline
PublishedJun 25
Latest updateJun 26

Description

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/ca300-poe6.2c.884

🔴Vulnerability Details

2
GHSA
GHSA-2xw8-pmxr-9vgf: A vulnerability was found in TOTOLINK CA300-PoE 62025-06-26
CVEList
TOTOLINK CA300-PoE wps.so SetWLanApcliSettings os command injection2025-06-25
CVE-2025-6618 (MEDIUM CVSS 5.3) | A vulnerability was found in TOTOLI | cvebase.io