TOTOLINK CA600-PoE msg_process function Url parameter command injection vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the msgprocess function Url parameter failing to properly filter construct command special characters, commands, etc. No...

TOTOLINK CA600-PoE msg_process function Port parameter command injection vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the msgprocess function Port parameter failing to correctly filter construct command special characters, commands, etc. N...

CVE-2025-44860

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44860

TOTOLINK CA300-POE is affected (V6.2c.884_B20180522). The vulnerability is a command injection in the msg_process function via the Port parameter, allowing an attacker to execute arbitrary commands through a crafted request. The issue is rooted in insufficient input filtering for the Port paramet...

CVE-2025-44860

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44842

CVE-2025-44842 affects TOTOLINK CA600-PoE (V5.3c.6665_B20180820). A vulnerability in the msg_process function, via the Port parameter, allows command injection by crafting a request. The root cause is insufficient filtering/validation of command-related characters in that parameter, enabling arbi...