CVE-2025-6621

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884

Description: A critical issue has been found in the QuickSetting function of the file ap.so, allowing for os command injection through the manipulation of the hour/minute argument. This can be initiated remotely.

Recommendations: For TOTOLINK CA300-PoE version 6.2c.884, as a temporary workaround, consider disabling the QuickSetting function until a patch is available. Restrict access to the ap.so file to minimize the risk of exploitation. Avoid using the hour/minute argument in the affected function until the issue is resolved.