CNNVD-202506-3218 Information

CNNVD ID

CNNVD-202506-3218

Related CVE

CVE-2025-6621

• CNNVD Published: 2025-06-25

Description (Chinese)

TOTOLINK CA300-PoE是中国吉翁电子（TOTOLINK）公司的一款无线接入点。 TOTOLINK CA300-PoE 6.2c.884版本存在命令注入漏洞，该漏洞源于文件ap.so对参数hour/minute处理不当，可能导致os命令注入攻击。

Description (English)

TOTOLINK CA300-PoE is a wireless access point for the Chinese company TOTOLINK. TOTOLINK CA300-PoE 6.2c.884 has a command-injecting loophole, which arises from document ap.so ’ s mishandling of the parameter hour/minute, which could lead to an Os order-injection attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

头歌

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc https://www.totolink.net/ https://vuldb.com/?id.313839 https://vuldb.com/?ctiid.313839 https://vuldb.com/?submit.602266 https://nvd.nist.gov/vuln/detail/CVE-2025-6621