CVE-2025-28017

Description

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-23 | Updated 2025-04-24 | Assigner mitre

References

locrian-lightning-dc7.notion.site/...1a280d696bbd25699fb5e97

locrian-lightning-dc7.notion.site/...1a280d696bbd25699fb5e97

cve.org (CVE-2025-28017)

nvd.nist.gov (CVE-2025-28017)

Download JSON