CVE-2025-44848

6.5 MEDIUM

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers: crafted requests to the Url parameter of the msg_process function allow an attacker to execute arbitrary commands and potentially take full control of the affected device. Any organization operating vulnerable TOTOLINK CA600-PoE routers is affected.

💻 Affected Systems

Products:
  • TOTOLINK CA600-PoE
Versions: V5.3c.6665_B20180820
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default firmware version. No special configuration is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept traffic, or use the device for botnet activities.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, network reconnaissance, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict ingress filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept exists in a GitHub repository. The vulnerability requires no authentication and is simple to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check the TOTOLINK official website for firmware updates. If an update is available, download the latest firmware and follow the vendor's update procedure.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate affected devices in separate VLANs with strict firewall rules to prevent external access.

Access Control Lists (all)

Implement network ACLs to restrict access to device management interfaces to trusted IPs only.

🧯 If You Can't Patch

  • Immediately remove affected devices from internet-facing positions and place behind firewalls
  • Implement strict network monitoring for unusual outbound connections from affected devices

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or SSH. If the version is V5.3c.6665_B20180820, the device is vulnerable.

Check Version:

Check web interface at http://[device-ip]/ or via SSH if enabled

Verify Fix Applied:

Verify firmware version has been updated to a version newer than V5.3c.6665_B20180820.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed authentication attempts followed by successful access
  • Suspicious URL parameters in web server logs

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs
  • Unexpected SSH or telnet sessions originating from router

SIEM Query:

source="router-logs" AND (msg="command injection" OR msg="arbitrary command" OR url="*;*" OR url="*|*" OR url="*`*" OR url="*$(*")
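The log indicator above (shell metacharacters in a Url parameter) can be checked offline against web-server logs. The following detector is an added example, not part of this advisory or of TOTOLINK's software; it assumes combined-style access-log lines, decodes the Url query parameter twice to catch double URL-encoding, and flags the same four metacharacter patterns the SIEM query looks for. All log lines and the /cgi-bin/app path are constructed.

```python
import re
from urllib.parse import unquote

# Shell metacharacters used by the SIEM query above: ; | ` $(
META = re.compile(r"[;|`]|\$\(")

# Combined-style access log: client, ident, user, [timestamp], "METHOD target ..."
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)

# Constructed sample lines (placeholder path /cgi-bin/app, RFC 5737 addresses); no real payloads.
SAMPLE_LOGS = """\
192.0.2.10 - - [01/May/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1200
192.0.2.11 - - [01/May/2025:10:00:05 +0000] "POST /cgi-bin/app?Url=http://example.net/a%3BCONSTRUCTED_CMD HTTP/1.1" 200 88
192.0.2.12 - - [01/May/2025:10:00:09 +0000] "GET /cgi-bin/app?Url=http%3A%2F%2Fexample.net%2F%257CCONSTRUCTED_CMD HTTP/1.1" 200 88
192.0.2.13 - - [01/May/2025:10:00:12 +0000] "GET /status?cb=x;y&Url=http://example.net/ok HTTP/1.1" 200 40
"""


def query_params(query):
    """Split a raw query string on '&' only, so a literal ';' stays inside a value."""
    for part in query.split("&"):
        if part:
            key, _, val = part.partition("=")
            yield unquote(key), val


def suspicious_url_params(line):
    """Return the decoded Url values in this request that contain shell metacharacters."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    _, _, query = m.group("target").partition("?")
    hits = []
    for key, raw in query_params(query):
        if key.lower() != "url":
            continue
        decoded = unquote(unquote(raw))  # second pass catches %25xx double-encoding
        if META.search(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return one alert dict per request whose Url parameter carries metacharacters."""
    alerts = []
    for line in lines:
        hits = suspicious_url_params(line)
        if hits:
            m = REQUEST_RE.match(line)
            alerts.append({"src": m.group("src"), "ts": m.group("ts"), "values": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS.splitlines()):
        print(alert)
```

The fourth sample line shows why the check is keyed on the Url parameter: the `;` in the unrelated `cb` value does not raise an alert, while the double-encoded `|` in the third line does.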
