CVE-2025-44862 – TOTOLINK CA300-POE Command Injection Vulnerability

May 1, 2025

CVE ID : CVE-2025-44862

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-44863 – TOTOLINK CA300-POE Command Injection Vulnerability

Next Article CVE-2025-32890 – goTenna Mesh Plaintext Injection Vulnerability

Highlights

CVE-2025-53096 – Moonlight Sunshine Clickjacking Vulnerability

July 1, 2025

CVE ID : CVE-2025-53096

Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago

Description : Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-44862 – TOTOLINK CA300-POE Command Injection Vulnerability

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

CVE-2025-37108 – “HPE Telco Service Activator Cross-Site Scripting Vulnerability”

Load up your Kindle for summer: Get up to 93% off popular eBooks at Amazon right now

CVE-2022-44614 – Apache HTTP Server Command Injection

GitLab Vulnerabilities Let Attackers Execute Actions by Injecting Malicious Content

CVE-2025-53096 – Moonlight Sunshine Clickjacking Vulnerability

CVE-2025-4442 – D-Link DIR-605L Remote Buffer Overflow Vulnerability

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Microsoft confirms Windows 10 0x80070643 after KB5057589, as WinRE strikes again

CVE-2025-44862 – TOTOLINK CA300-POE Command Injection Vulnerability

Related Posts