CVE-2025-44836 in CPE CP900info

Summary

by MITRE • 05/01/2025

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 05/26/2025

The vulnerability identified as CVE-2025-44836 represents a critical command injection flaw within the TOTOLINK CPE CP900 router firmware version V6.3c.1144_B20190715. This issue resides in the setApRebootScheCfg function which handles configuration parameters for access point reboot scheduling. The vulnerability manifests when attackers manipulate the hour or minute parameters, which are processed without adequate input validation or sanitization. The affected device operates as a wireless access point and router, commonly deployed in enterprise and residential networking environments where it serves as a central point for network management and device control.

The technical exploitation of this vulnerability stems from improper input handling within the firmware's web interface. When the hour or minute parameters are submitted through a crafted HTTP request to the setApRebootScheCfg function, the system fails to properly sanitize these inputs before incorporating them into system commands. This creates an environment where malicious actors can inject arbitrary commands that execute with the privileges of the web server process, typically running with administrative or root-level access. The vulnerability aligns with CWE-77 and CWE-94 classifications, representing command injection and code execution weaknesses respectively, which are fundamental security flaws in software development practices. Attackers can leverage this vulnerability to gain complete control over the affected device, potentially enabling them to modify network configurations, install malicious software, or use the device as a pivot point for further attacks within the network infrastructure.

The operational impact of CVE-2025-44836 extends beyond immediate device compromise to encompass broader network security implications. Once an attacker successfully exploits this vulnerability, they can manipulate the router's reboot scheduling functionality to execute unauthorized commands at predetermined intervals. This persistent access capability allows for long-term network surveillance, data exfiltration, or the establishment of persistent backdoors within the network. The vulnerability affects devices that may be deployed in critical infrastructure environments, potentially compromising network availability and integrity. According to ATT&CK framework, this vulnerability maps to T1059.001 (Command and Scripting Interpreter: PowerShell) and T1068 (Exploitation for Privilege Escalation) techniques, as attackers can leverage the command injection to execute system commands and escalate privileges. The impact is particularly severe in enterprise environments where these devices often serve as network gateways and may be directly exposed to untrusted network segments.

Mitigation strategies for CVE-2025-44836 require immediate action from network administrators and system operators. The primary recommendation involves applying firmware updates from TOTOLINK that address the command injection vulnerability in the setApRebootScheCfg function. Organizations should also implement network segmentation to limit exposure of these devices to untrusted networks and deploy intrusion detection systems to monitor for suspicious command execution patterns. Access controls should be strengthened through the implementation of strong authentication mechanisms and the restriction of administrative access to only necessary personnel. Network administrators should consider disabling unnecessary web management interfaces and implementing firewall rules that restrict access to the device's administrative ports. Additionally, regular vulnerability assessments and penetration testing should be conducted to identify similar vulnerabilities in other network devices. The vulnerability highlights the importance of input validation and proper sanitization in firmware development, emphasizing the need for adherence to secure coding practices and regular security audits of embedded systems. Organizations should also establish incident response procedures specifically designed to handle such network device compromises, ensuring rapid identification and remediation of similar vulnerabilities across their network infrastructure.

Responsible

MITRE

Reservation

04/22/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00884

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!