CVE-2025-6621 in CA300-PoEinfo

Summary

by MITRE • 06/25/2025

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 06/26/2025

This critical vulnerability exists within the TOTOLINK CA300-PoE wireless router firmware version 6.2c.884, specifically targeting the QuickSetting functionality within the ap.so library component. The flaw represents a command injection vulnerability that allows attackers to execute arbitrary operating system commands through manipulation of time-related parameters. The vulnerability manifests when the system processes user-supplied input for hour and minute arguments, which are then improperly handled without adequate sanitization or validation mechanisms.

The technical implementation of this vulnerability stems from insufficient input validation within the ap.so module's QuickSetting function. When legitimate users provide time values through the web interface or API endpoints, the system fails to properly sanitize these inputs before incorporating them into system commands. This creates an environment where malicious actors can inject shell commands by crafting specially formatted time parameters that bypass normal input processing. The vulnerability is particularly concerning because it operates at the operating system level, allowing full command execution privileges.

Remote exploitation of this vulnerability is entirely feasible, as the affected QuickSetting function is accessible through standard network protocols without requiring physical access or authentication. Attackers can leverage this weakness to execute arbitrary code on the affected device, potentially gaining complete control over the router's operations. The disclosed exploit demonstrates that threat actors can already utilize this vulnerability to perform unauthorized actions, including but not limited to executing system commands, modifying device configurations, or establishing persistent access points.

The operational impact of this vulnerability extends beyond simple command injection, as it fundamentally compromises the device's security posture and network integrity. Successful exploitation could enable attackers to redirect network traffic, modify firewall rules, access sensitive network information, or use the compromised device as a pivot point for attacking other systems within the local network. This represents a significant risk to organizations relying on these devices for network infrastructure, as they could become entry points for broader network breaches.

Security mitigation strategies should focus on immediate firmware updates from TOTOLINK, as this vulnerability affects a specific firmware version that likely contains patches or improved input validation. Network segmentation and monitoring should be implemented to detect anomalous command execution patterns, while administrators should disable unnecessary services and interfaces. This vulnerability aligns with CWE-77 and CWE-78 categories from the Common Weakness Enumeration, specifically addressing improper input validation and command injection flaws. From an attack framework perspective, this vulnerability maps to ATT&CK technique T1059.001 for command and script interpreter execution, representing a critical compromise of device integrity that could enable further lateral movement and persistent access within targeted networks.

Responsible

VulDB

Disclosure

06/25/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.02695

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!