CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

NVD•added 2026/04/29 3:16 p.m.•1 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

9.8CVSS0.00113EPSS

Exploits0References1

Vulnrichment•added 2026/04/29 12:0 a.m.•0 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

5.2AI score0.00113EPSS

Exploits0References1

CVE•added 2026/04/29 12:0 a.m.•3 views

CVE-2026-36841

CVE-2026-36841 affects TOTOLINK N200RE V5. The root cause is a command injection in the formMapDelDevice function exploited via the macstr and bandstr parameters. This leads to arbitrary command execution with high impact on confidentiality, integrity, and availability (per CVSS 3.1 metrics: AV:N...

9.8CVSS5.2AI score0.00113EPSS

Exploits0References1

ATTACKERKB•added 2026/04/29 12:0 a.m.•0 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

5.2AI score0.00113EPSS

Exploits0References2

EUVD•added 2026/04/29 12:0 a.m.•2 views

EUVD-2026-26231

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

9.8CVSS5.2AI score0.00113EPSS

Exploits0References1

Cvelist•added 2026/04/29 12:0 a.m.•23 views

CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

0.00113EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-14609

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00388EPSS

Exploits1References3

CNVD•added 2025/08/25 12:0 a.m.•4 views

TOTOLINK A3002R macstr, bandstr and clientoff parameter command injection vulnerability

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from an OS command injection vulnerability that stems from the presence of...

6.5CVSS7.7AI score0.0345EPSS

Exploits1References1

NVD•added 2025/08/18 8:15 p.m.•3 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

6.5CVSS0.0345EPSS

Exploits1References1

CVE•added 2025/08/18 12:0 a.m.•11 views

CVE-2025-55589

Summary: CVE-2025-55589 affects TOTOLINK A3002R firmware v4.0.0-B20230531.1404. Multiple OS command injection flaws exist in the /boafrm/formMapDelDevice endpoint, exploitable via the macstr, bandstr, and clientoff parameters. This is substantiated by CNVD, RH Red Hat CVE pages, CNNVD, CIRCL sigh...

6.5CVSS8.2AI score0.0345EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/08/18 12:0 a.m.•6 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

8.2AI score0.0345EPSS

Exploits1References1

CNNVD•added 2025/08/18 12:0 a.m.•2 views

TOTOLINK A3002R 安全漏洞

6.5CVSS7.6AI score0.0345EPSS

Exploits1References3

EUVD•added 2025/08/18 12:0 a.m.•2 views

EUVD-2025-28599

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

6.5CVSS7.5AI score0.0345EPSS

Exploits1References1

Positive Technologies•added 2025/08/18 12:0 a.m.•7 views

PT-2025-33689 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The TOTOLINK A3002R router firmware contains multiple OS command injection vulnerabilities. These vulnerabilities are located in the /boafrm/formMapDelDevice endpoint and can be...

6.5CVSS7.8AI score0.0345EPSS

Exploits1References7

Cvelist•added 2025/08/18 12:0 a.m.•10 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

0.0345EPSS

Exploits1References1

CNVD•added 2025/07/28 12:0 a.m.•1 views

TOTOLINK X15 formMapDelDevice File Buffer Overflow Vulnerability

TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. A buffer overflow vulnerability exists in t...

9.8CVSS7.9AI score0.02266EPSS

Exploits1References1

OSV•added 2025/07/27 10:15 p.m.•0 views

CVE-2025-8244

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to...

9.8CVSS6.4AI score

Exploits0References5

CNNVD•added 2025/07/27 12:0 a.m.•1 views

TOTOLINK X15 安全漏洞

9.8CVSS7.8AI score0.02266EPSS

Exploits1References6