Totolink Cp900 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink Cp900 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2022-28491 — CVSS 9.8 (critical): TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name…
CVE-2022-28494 — CVSS 9.8 (critical): TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via…
CVE-2022-28495 — CVSS 9.8 (critical): TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via…
CVE-2022-28496 — CVSS 9.8 (critical): TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via…
CVE-2022-28497 — CVSS 9.8 (critical): TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader…
CVE-2024-7463 — CVSS 8.8 (high): A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of…
CVE-2024-7464 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg…
CVE-2025-44836 — CVSS 6.3 (medium): TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via…
CVE-2025-44837 — CVSS 6.3 (medium): TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck…
CVE-2025-44838 — CVSS 6.3 (medium): TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via…
CVE-2025-44854 — CVSS 6.3 (medium): TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName…