Totolink Ca600-Poe Firmware vulnerabilities

CVE-2025-44845 [MEDIUM] CWE-77 CVE-2025-44845: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44848 [MEDIUM] CWE-77 CVE-2025-44848: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44846 [MEDIUM] CWE-77 CVE-2025-44846: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44844 [MEDIUM] CWE-77 CVE-2025-44844: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44847 [MEDIUM] CWE-77 CVE-2025-44847: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44841 [MEDIUM] CWE-77 CVE-2025-44841: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44840 [MEDIUM] CWE-77 CVE-2025-44840: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44839 [MEDIUM] CWE-77 CVE-2025-44839: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44843 [MEDIUM] CWE-77 CVE-2025-44843: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVE-2025-44842 [MEDIUM] CWE-77 CVE-2025-44842: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in th TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.