CVE-2025-6620

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.2%
top 15.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ca300-poeTotolink Ca300-poe Firmware
Timeline
PublishedJun 25
Latest updateJun 26

Description

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/ca300-poe6.2c.884

🔴Vulnerability Details

2
GHSA
GHSA-7x9j-wf2g-2h5x: A vulnerability was found in TOTOLINK CA300-PoE 62025-06-26
CVEList
TOTOLINK CA300-PoE upgrade.so setUpgradeUboot os command injection2025-06-25
CVE-2025-6620 (MEDIUM CVSS 5.3) | A vulnerability was found in TOTOLI | cvebase.io