CNNVD-202506-3215 Information

CNNVD ID

CNNVD-202506-3215

CVE-2025-6618

  • CNNVD Published: 2025-06-25

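Description (Chinese, translated)

TOTOLINK CA300-PoE is a wireless access point from the Chinese company TOTOLINK (吉翁电子). TOTOLINK CA300-PoE version 6.2c.884 contains a command injection vulnerability. The vulnerability stems from improper handling of the PIN parameter in the file wps.so, which may lead to OS command injection attacks.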

Description (English)

TOTOLINK CA300-PoE is a wireless access point from the Chinese company TOTOLINK. TOTOLINK CA300-PoE 6.2c.884 contains a command injection vulnerability that arises from improper handling of the PIN parameter in the file wps.so and could lead to an OS command injection attack.

Hazard Level

High

Vulnerability Type

Command injection

Affected Vendor

头歌

Published

2025-06-25

Last Modified

2026-02-24

References

  • https://vuldb.com/?submit.602263
  • https://www.totolink.net/
  • https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md
  • https://vuldb.com/?ctiid.313836
  • https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc
  • https://vuldb.com/?id.313836
  • https://nvd.nist.gov/vuln/detail/CVE-2025-6618
