Summermu

24 exploits, active since May 2025
CVE-2025-44839 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44840 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44841 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44842 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44843 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44844 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44845 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44846 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44847 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44848 WRITEUP MEDIUM WORKING POC
TOTOLINK CA600-PoE Firmware - Command Injection
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44854 WRITEUP MEDIUM WORKING POC
TOTOLINK CP900 Firmware - Command Injection
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44860 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE Firmware - Command Injection
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44861 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE Firmware - Command Injection
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44862 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE Firmware - Command Injection
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44863 WRITEUP MEDIUM WORKING POC
TOTOLINK CA300-POE Firmware - Command Injection
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-44864 WRITEUP MEDIUM WORKING POC
Tenda W20E Firmware - Command Injection
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44865 WRITEUP MEDIUM WORKING POC
Tenda W20E Firmware - Command Injection
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44866 WRITEUP MEDIUM WORKING POC
Tenda W20E Firmware - Command Injection
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44867 WRITEUP MEDIUM WORKING POC
Tenda W20E Firmware - Command Injection
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.3
CVE-2025-44872 WRITEUP CRITICAL WORKING POC
Tenda AC9 Firmware - Command Injection
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-44877 WRITEUP CRITICAL WORKING POC
Tenda AC9 Firmware - Command Injection
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-50755 WRITEUP MEDIUM WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5
CVE-2025-50756 WRITEUP CRITICAL WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 9.8
CVE-2025-50757 WRITEUP MEDIUM WORKING POC
Wavlink WN535K3 - Command Injection
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS 6.5