EUVD-2025-32582

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

EUVD-2022-49524

Malicious code in bioql PyPI...

CVE-2025-5502

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched...

CVE-2022-33722

Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address...

Command injection

The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin...

多款TotoLink产品 操作系统命令注入漏洞

Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are one of the routers from Totolink China. A command injection vulnerability exists in several TotoLink products. The vulnerability stems from the failure of the deviceName parameter and deviceMac parameter in the...