TOTOLINK CA300-PoE CloudSrvUserdataVersionCheck Function Command Injection Vulnerability

TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884B20180522, which stems from the CloudSrvUserdataVersionCheck function url parameter failing to correctly filter constructed command...

PT-2025-18664 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: A command injection issue was discovered in the CloudSrvUserdataVersionCheck function through the url parameter. This issue allows attackers to execute arbitrary commands via a...