Home

Description

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-18 | Updated 2025-08-18 | Assigner mitre

References

github.com/...ain/A3002R_V4/Boa - Command Injection/PoC 1.md

cve.org (CVE-2025-55589)

nvd.nist.gov (CVE-2025-55589)

Download JSON