CVE-2025-6619

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ca300-poeTotolink Ca300-poe Firmware
Timeline
PublishedJun 25
Latest updateJun 26

Description

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/ca300-poe6.2c.884

🔴Vulnerability Details

2
GHSA
GHSA-45hj-j2c3-984f: A vulnerability was found in TOTOLINK CA300-PoE 62025-06-26
CVEList
TOTOLINK CA300-PoE upgrade.so setUpgradeFW os command injection2025-06-25
CVE-2025-6619 (MEDIUM CVSS 5.3) | A vulnerability was found in TOTOLI | cvebase.io