CVE-2025-44846

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Related Vulnerabilities

CVE-2016-9873

MEDIUM
CVSS:6.3(Medium)

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authentic...

CWE-772016

CVE-2017-12329

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulne...

CWE-772017

CVE-2017-12330

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation ...

CWE-772017

CVE-2017-12335

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation ...

CWE-772017

CVE-2019-20702

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CWE-772019

CVE-2019-20703

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CWE-772019