Totolink Ca300 Poe Firmware

By the Year

In 2026 there have been 0 vulnerabilities in Totolink Ca300 Poe Firmware. Last year, in 2025, Ca300 Poe Firmware had 8 security vulnerabilities published. Right now, Ca300 Poe Firmware is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year | Vulnerabilities | Average Score
2026 | 0 | 0.00
2025 | 8 | 9.80
2024 | 1 | 8.80
2023 | 15 | 9.65

It may take a day or so for new Ca300 Poe Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink Ca300 Poe Firmware Security Vulnerabilities

TOTOLINK CA300-PoE 6.2c.884 wps.so Cmd Injection via SetWLanApcli PIN
CVE-2025-6618 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

TOTOLINK CA300-PoE 6.2c.884 OS Command Injection via setUpgradeFW
CVE-2025-6619 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Shell injection

TOTOLINK CA300-PoE 6.2c.884: setUpgradeUboot Command Injection (CVE-2025-6620)
CVE-2025-6620 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Shell injection

TOTOLINK CA300-PoE 6.2c.884: OS Command Injection via QuickSetting (ap.so)
CVE-2025-6621 9.8 - Critical - June 25, 2025

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

Command Injection in TOTOLINK CA300-POE V6.2c.884 msg_process via Port
CVE-2025-44860 - May 01, 2025

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

TOTOLINK CA300-POE 6.2c.884_B20180522 cmd injection via CloudSrvUserVerChk
CVE-2025-44861 - May 01, 2025

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Command Injection in recvUpgradeNewFw of TOTOLINK CA300-POE v6.2c.884_B20180522
CVE-2025-44862 - May 01, 2025

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Command Injection in TOTOLINK CA300-POE V6.2c.884 via msg_process Url
CVE-2025-44863 - May 01, 2025

TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

TOTOLINK CA300-PoE 6.2c.884 Loginauth Buffer Overflow (Remote)
CVE-2024-7217 8.8 - High - July 30, 2024

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

Command Injection in TOTOLINK CA300-PoE V6.2c.884 via webWlanIdx
CVE-2023-24161 9.8 - Critical - February 14, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

Command Injection

Command Injection in TOTOLINK CA300-PoE V6.2c.884 setPasswordCfg
CVE-2023-24159 9.8 - Critical - February 14, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

Command Injection

TOTOLINK CA300-PoE 6.2c.884: Command Injection via admuser
CVE-2023-24160 9.8 - Critical - February 14, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

Command Injection

Command Injection in TOTOLINK CA300-PoE V6.2c.884 setRebootScheCfg
CVE-2023-24144 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.

Command Injection

Totolink CA300-PoE V6.2c.884 cmd injection via NetDiagTracertHop
CVE-2023-24143 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.

Command Injection

Command Injection in TOTOLINK CA300-PoE V6.2c.884 via NetDiagPingSize
CVE-2023-24142 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.

Command Injection

TOTOLINK CA300-PoE V6.2c.884 cmd injection via NetDiagPingTimeOut in setNetworkDiag
CVE-2023-24141 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.

Command Injection

Command Injection in TOTOLINK CA300-PoE V6.2c.884 via NetDiagPingNum
CVE-2023-24140 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.

Command Injection

Command injection via NetDiagHost in TOTOLINK CA300-PoE V6.2c.884
CVE-2023-24139 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.

Command Injection

TOTOLINK CA300-PoE V6.2c.884 Command Injection via plugin_version in setUnloadUserData
CVE-2023-24145 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

Command Injection

Command Injection in TOTOLINK CA300-PoE V6.2c.884 via minute param
CVE-2023-24146 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.

Command Injection

Hardcoded Telnet Password in TOTOLINK CA300-PoE V6.2c.884
CVE-2023-24147 7.5 - High - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service, which is stored in the component /etc/config/product.ini.

Use of Hard-coded Credentials

TOTOLINK CA300-PoE V6.2c.884: Command Injection via host_time
CVE-2023-24138 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.

Command Injection

TOTOLINK CA300-PoE V6.2c.884 Command Injection via FileName Parameter
CVE-2023-24148 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

Command Injection

Hardcoded root pwd in TOTOLINK CA300-PoE V6.2c.884 /etc/shadow
CVE-2023-24149 9.8 - Critical - February 03, 2023

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root, which is stored in the component /etc/shadow.

Use of Hard-coded Credentials
