Totolink Ca300-poe Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink Ca300-poe Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2023-24138 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost…
CVE-2023-24139 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the…
CVE-2023-24140 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the…
CVE-2023-24141 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the…
CVE-2023-24142 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the…
CVE-2023-24143 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the…
CVE-2023-24144 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg…
CVE-2023-24145 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the…
CVE-2023-24146 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg…
CVE-2023-24148 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the…
CVE-2023-24149 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVE-2023-24159 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg…
CVE-2023-24160 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg…
CVE-2023-24161 — CVSS 9.8 (critical): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx…
CVE-2023-24147 — CVSS 7.5 (high): TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component…
CVE-2025-44860 — CVSS 6.5 (medium): TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port…
CVE-2025-44863 — CVSS 6.5 (medium): TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url…
CVE-2025-44862 — CVSS 6.3 (medium): TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the…
CVE-2025-6618 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings…
CVE-2025-6619 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2025-6621 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file…
CVE-2025-6620 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function…
CVE-2024-7217 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function…
CVE-2025-44861 — CVSS 6.3 (medium): TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function…