{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T11:17:03.928","vulnerabilities":[{"cve":{"id":"CVE-2025-6618","sourceIdentifier":"cna@vuldb.com","published":"2025-06-25T18:15:24.757","lastModified":"2026-04-29T01:00:01.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"es","value":"Se encontró una vulnerabilidad en TOTOLINK CA300-PoE 6.2c.884. Se ha clasificado como crítica. La función SetWLanApcliSettings del archivo wps.so está afectada. La manipulación del argumento PIN provoca la inyección de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:totolink:ca300-poe_firmware:6.2c.884:*:*:*:*:*:*:*","matchCriteriaId":"F8729CF2-38C8-483B-9BDB-7C4ACA2C8D97"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:totolink:ca300-poe:-:*:*:*:*:*:*:*","matchCriteriaId":"006251DF-FF38-4FC5-8BE2-96374D8F6B7B"}]}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/?ctiid.313836","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]},{"url":"https://vuldb.com/?id.313836","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/?submit.602263","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.totolink.net/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/wudipjq/my_vuln/blob/main/totolink4/vuln_44/44.md#poc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}