CVE-2025-6620 – TOTOLINK CA300-PoE Os Command Injection Vulnerability

June 25, 2025

CVE ID : CVE-2025-6620

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6621 – TOTOLINK CA300-PoE Os Command Injection Vulnerability

Next Article CVE-2025-5833 – Pioneer DMH-WT7600NEX Root Filesystem Authentication Bypass

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-6620 – TOTOLINK CA300-PoE Os Command Injection Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-47201 – Intrexx Portal Server Cross-Site Scripting (XSS)

CVE-2025-3845 – Markparticle WebServer Buffer Overflow Vulnerability

CVE-2025-25403 – Slims Senayan Library Management Systems SQL Injection Vulnerability

Product Walkthrough: A Look Inside Pillar’s AI Security Platform

Windows 10 KB5058481 sends users to Bing from new Calendar UI’s rich content

CVE-2025-43006 – SAP Supplier Relationship Management XSS Vulnerability

Fldigi – modem program for most of the digital modes used by radio amateurs

CVE-2025-5224 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2025-6620 – TOTOLINK CA300-PoE Os Command Injection Vulnerability

Related Posts