CVE-2025-6621
BaseFortify
Publication date: 2025-06-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | ca300-poe_firmware | 6.2c.884 |
| totolink | ca300-poe | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can compromise the confidentiality, integrity, and availability of the affected router device. An attacker can remotely execute arbitrary OS commands, potentially taking control of the device, disrupting network operations, or accessing sensitive information. Since the exploit is publicly available, the risk of exploitation is high. [2]
Can you explain this vulnerability to me?
CVE-2025-6621 is a critical OS command injection vulnerability in the TOTOLINK CA300-PoE router firmware version 6.2c.884. It exists in the QuickSetting function of the ap.so file, where the 'hour' and 'minute' parameters are improperly sanitized. This allows a remote attacker to inject and execute arbitrary operating system commands by sending specially crafted requests manipulating these parameters. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for suspicious or crafted requests targeting the QuickSetting function's 'hour' and 'minute' parameters on the TOTOLINK CA300-PoE router. Since the vulnerability involves OS command injection via these parameters, network traffic inspection tools or web application firewalls can be configured to alert on unusual input patterns or command injection signatures in these parameters. Specific commands are not provided in the resources, but generally, using tools like curl or wget to send crafted requests to the QuickSetting endpoint and observing unexpected command execution or responses can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected TOTOLINK CA300-PoE device running firmware version 6.2c.884 with an alternative product, as no known countermeasures or patches are currently available. Additionally, restricting remote access to the device, disabling the vulnerable QuickSetting function if possible, and monitoring network traffic for exploitation attempts are recommended to reduce risk until a fix or update is provided. [2]