CVE-2025-6618
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-25
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6618
EUVD
EUVD-2025-19128
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
totolink ca300-poe_firmware 6.2c.884
totolink ca300-poe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6618 is a critical OS command injection vulnerability in the TOTOLINK CA300-PoE router firmware version 6.2c.884. It exists in the SetWLanApcliSettings function of the wps.so file, where the PIN argument is improperly handled without sanitization. This allows a remote attacker to inject and execute arbitrary operating system commands by manipulating the PIN parameter in a crafted request. [1, 2]


How can this vulnerability impact me? :

This vulnerability can severely impact the affected device by allowing unauthorized remote attackers to execute arbitrary OS commands. This compromises the confidentiality, integrity, and availability of the device, potentially leading to full control over the router, disruption of network services, and unauthorized access to sensitive information. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve monitoring for unusual or unauthorized requests targeting the SetWLanApcliSettings function, especially those manipulating the PIN parameter. Since the vulnerability allows OS command injection via crafted requests, inspecting network traffic for suspicious payloads or commands sent to the affected router may help. However, no specific detection commands or tools are provided in the available resources. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected TOTOLINK CA300-PoE device running firmware version 6.2c.884 with an alternative product, as no official vendor patch or mitigation is currently available. Avoid exposing the device to untrusted networks and restrict remote access where possible to reduce exploitation risk. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart