CVE-2025-6621 Information
Jun 26, 2025
cve
Description
A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Reference
https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_47/47.md#poc https://vuldb.com/?ctiid.313839 https://vuldb.com/?id.313839 https://vuldb.com/?submit.602266 https://www.totolink.net/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
6.3
Related CNNVD
CNNVD-202506-3218 (Published: 2025-06-25)
Share on: