PT-2023-19446 · Totolink · Totolink Ca300-Poe

Published: 2023-02-14 · Updated: 2025-03-20 · CVE-2023-24159

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884

Description: A command injection issue was found via the admpass parameter in the setPasswordCfg function. This allows for potential command injection attacks.

Recommendations: For TOTOLINK CA300-PoE version 6.2c.884, consider restricting access to the setPasswordCfg function until a patch is available. As a temporary workaround, avoid using the admpass parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-03203
CVE-2023-24159

Affected Products

Totolink Ca300-Poe