CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44866

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44844

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44842

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44840

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44841

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44843

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44848

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the msgprocess function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44838

The CVE-2025-44838 affects TOTOLINK CPE CP900 (version 6.3c.1144_B20190715). A command injection exists in the setUploadUserData function via the FileName parameter, enabling arbitrary command execution on crafted requests. Public sources in connected documents corroborate the vulnerability and d...

CVE-2025-44836

CVE-2025-44836 concerns TOTOLINK CPE CP900 (version 6.3c.1144_B20190715). Multiple sources confirm a command injection vulnerability in the setApRebootScheCfg function, exploitable via the hour or minute parameters. The underlying issue is inadequate filtering of constructed command characters, e...

CVE-2025-44867

The CVE describes a command-injection vulnerability in Tenda W20E V15.11.0.6, specifically in the formSetNetCheckTools function via the hostName parameter, allowing arbitrary command execution by crafted requests. Affected product: Tenda W20E. Root cause: failure to properly validate or filter sp...

CVE-2025-44864

CVE-2025-44864 affects Tenda W20E (firmware V15.11.0.6). A command injection exists in the formSetDebugCfg function via the module parameter, enabling arbitrary commands with a crafted request. Public exploit details are not provided in the initial documents. CVSSv3.1 base score 6.3 (Medium), net...

CVE-2025-44860

TOTOLINK CA300-POE is affected (V6.2c.884_B20180522). The vulnerability is a command injection in the msg_process function via the Port parameter, allowing an attacker to execute arbitrary commands through a crafted request. The issue is rooted in insufficient input filtering for the Port paramet...

CVE-2025-44863

TOTOLINK CA300-POE (V6.2c.884_B20180522) contains a command injection in the msg_process function via the Url parameter, allowing arbitrary command execution through a crafted request (CVE-2025-44863). The CVSS v3.1 base score is 6.5 (Network, Low attack complexity, No privileges, User interactio...

CVE-2025-44848

TOTOLINK CA600-PoE, version 5.3c.6665_B20180820, contains a command injection flaw in the msg_process function triggered by the Url parameter. The vulnerability permits execution of arbitrary commands via a crafted request, with the CVE-2025-44848 entry documenting a network-facing exposure (base...

CVE-2025-44862

Summary : CVE-2025-44862 affects TOTOLINK CA300-POE (V6.2c.884_B20180522). A command injection flaw exists in the recvUpgradeNewFw function via the fwUrl parameter, allowing execution of arbitrary commands through a crafted request. Documents identify the vulnerability and affected component but ...

CVE-2025-44861

CVE-2025-44861 affects TOTOLINK CA300-POE (V6.2c.884_B20180522). A vulnerability in the CloudSrvUserdataVersionCheck function allows remote code execution via the url parameter, enabling arbitrary commands through a crafted request. Public references describe this as a command-injection vulnerabi...

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44846

The CVE-2025-44846 entry concerns TOTOLINK CA600-PoE vulnerable in the recvUpgradeNewFw function where the fwUrl parameter is not properly sanitized. Exploitation would allow remote command execution via a crafted request. Affected software/version: TOTOLINK CA600-PoE 5.3c.6665_B20180820. Documen...