CVE-2025-44844: n/a in n/a
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
AI Analysis
Technical Summary
CVE-2025-44844 is a command injection vulnerability identified in the TOTOLINK CA600-PoE router, specifically in firmware version V5.3c.6665_B20180820. The vulnerability resides within the setUpgradeFW function, which processes the FileName parameter. An attacker can exploit this flaw by sending a specially crafted request containing malicious input in the FileName parameter, resulting in arbitrary command execution on the device. This type of vulnerability falls under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not properly sanitized before being passed to system commands. The CVSS 3.1 base score is 6.5, categorized as medium severity, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. This means the vulnerability can be exploited remotely over the network without authentication or user interaction, with low attack complexity. The impact affects confidentiality and integrity but not availability. There are no known exploits in the wild at the time of publication, and no patches have been released yet. The vulnerability was reserved on April 22, 2025, and published on May 1, 2025. TOTOLINK CA600-PoE is a Power over Ethernet router device commonly used in small to medium enterprise and possibly some industrial environments for network connectivity and power delivery over Ethernet cables. The ability to execute arbitrary commands remotely without authentication poses a significant risk of unauthorized access, data leakage, or device manipulation, potentially allowing attackers to pivot within networks or disrupt operations indirectly.
Potential Impact
For European organizations, this vulnerability presents a moderate risk primarily to those using TOTOLINK CA600-PoE devices in their network infrastructure. Exploitation could lead to unauthorized disclosure of sensitive information (confidentiality impact) and unauthorized modification of device configurations or data (integrity impact). Although availability is not directly affected, compromised devices could be used as footholds for further attacks, including lateral movement or launching attacks against other network segments. Sectors such as small and medium enterprises, managed service providers, and industrial facilities relying on PoE networking equipment may be particularly vulnerable. Given the lack of authentication and user interaction requirements, attackers can remotely exploit the vulnerability with relative ease if the device is exposed to untrusted networks. This could lead to data breaches, network instability, or unauthorized control over network infrastructure components. The absence of patches increases the window of exposure, necessitating immediate mitigation efforts. Organizations with regulatory obligations under GDPR must consider the confidentiality impact seriously, as data leakage could lead to compliance violations and penalties.
Mitigation Recommendations
1. Immediate network segmentation: Isolate TOTOLINK CA600-PoE devices from direct exposure to untrusted networks, especially the internet. Place them behind firewalls or VPNs to restrict access to trusted administrators only.
2. Access control: Implement strict access control lists (ACLs) to limit which IP addresses can communicate with the device management interfaces.
3. Monitoring and logging: Enable detailed logging on affected devices and network perimeter devices to detect suspicious requests targeting the setUpgradeFW function or unusual command execution patterns.
4. Firmware update vigilance: Monitor TOTOLINK vendor communications for official patches or firmware updates addressing this vulnerability and apply them promptly once available.
5. Temporary workaround: If feasible, disable or restrict the setUpgradeFW function or the interface that accepts the FileName parameter until a patch is released.
6. Incident response preparation: Prepare to isolate or replace affected devices quickly if exploitation is detected.
7. Network scanning: Conduct internal scans to identify all TOTOLINK CA600-PoE devices to ensure no unmanaged or forgotten devices remain exposed.
8. Vendor engagement: Engage with TOTOLINK support channels to request timelines for patch releases and additional mitigation guidance.
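The monitoring recommendation above can be turned into a concrete perimeter check. The script below is an added example, not part of this advisory and not TOTOLINK code: it scans web-server access logs (Common Log Format) for requests that reference setUpgradeFW and flags any FileName value that contains shell metacharacters or falls outside a strict firmware-file-name allowlist, decoding percent-encoding first so single- and double-encoded input is judged in the same form. The endpoint path `/cgi-bin/upgrade.cgi?func=setUpgradeFW` and the placement of FileName as a query parameter are placeholders assumed for the example; the CVE record does not give the real request layout. The log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Characters that let a shell split one argument into several commands
# or redirect output: the core of what a CWE-77 filter must reject.
SHELL_META = re.compile(r"[;&|`$\n\r<>]")

# Conservative allowlist for a firmware file name: no separators, no traversal.
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

# Common Log Format: ip ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not from any real device). The endpoint path
# and the FileName query parameter are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [21/May/2025:09:10:01 +0000] "GET /cgi-bin/upgrade.cgi?func=setUpgradeFW&FileName=firmware_v5.bin HTTP/1.1" 200 52
10.0.0.5 - - [21/May/2025:09:10:04 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [21/May/2025:09:11:30 +0000] "GET /cgi-bin/upgrade.cgi?func=setUpgradeFW&FileName=fw.bin%3Bx HTTP/1.1" 200 52
203.0.113.7 - - [21/May/2025:09:11:31 +0000] "GET /cgi-bin/upgrade.cgi?func=setUpgradeFW&FileName=fw.bin%253Bx HTTP/1.1" 200 52
203.0.113.7 - - [21/May/2025:09:11:32 +0000] "GET /cgi-bin/upgrade.cgi?func=setUpgradeFW&FileName=../../tmp/fw.bin HTTP/1.1" 200 52
"""


def decode_param(value, rounds=2):
    """Percent-decode repeatedly (bounded) so double-encoded input is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_filename(name):
    """Return a reason string if a FileName value is suspicious, else None."""
    name = decode_param(name)
    if SHELL_META.search(name):
        return "shell metacharacter in FileName"
    if not ALLOWED_NAME.match(name):
        return "FileName outside allowlist"
    return None


def parse_line(line):
    """Split one CLF line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text):
    """Return one finding per suspicious setUpgradeFW request in the log text."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        target = rec["target"]
        # Only requests that reach the upgrade function are of interest.
        if "setUpgradeFW" not in decode_param(target):
            continue
        # parse_qs performs one round of percent-decoding; classify_filename
        # performs a further bounded round for double-encoded values.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("FileName", []):
            reason = classify_filename(value)
            if reason:
                findings.append({
                    "ip": rec["ip"],
                    "ts": rec["ts"],
                    "reason": reason,
                    "filename": decode_param(value),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['reason']}: {f['filename']!r}")
```

If the device carries FileName in a POST body rather than the query string, apply `classify_filename` to the body field your proxy or WAF logs instead; the allowlist is the part that matters, since it rejects traversal and unusual characters even when no classic shell metacharacter is present.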
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9838c4522896dcbebfd8
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 6/26/2025, 12:56:49 AM
Last updated: 8/15/2025, 9:57:13 AM
Related Threats
- CVE-2025-8878 (Medium): CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- CVE-2025-8143 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
- CVE-2025-8142 (High): CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
- CVE-2025-8105 (High): CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
- CVE-2025-8719 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode