TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Metrics
Affected Vendors & Products
References
History
Thu, 22 May 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Totolink
Totolink cp900 Totolink cp900 Firmware |
|
CPEs | cpe:2.3:h:totolink:cp900:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:cp900_firmware:6.3c.1144_b20190715:*:*:*:*:*:*:* |
|
Vendors & Products |
Totolink
Totolink cp900 Totolink cp900 Firmware |
Thu, 01 May 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
Metrics |
cvssV3_1
|
Thu, 01 May 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-01T20:33:19.508Z
Reserved: 2025-04-22T00:00:00.000Z
Link: CVE-2025-44838

Updated: 2025-05-01T20:32:42.630Z

Status : Analyzed
Published: 2025-05-01T15:16:20.950
Modified: 2025-05-22T15:29:50.967
Link: CVE-2025-44838

No data.