7 matches found
EUVD-2025-4474
Malicious code in bioql PyPI...
CVE-2025-3249
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...
CVE-2025-3249
CVE-2025-3249 affects TOTOLINK A6000R 1.0.1-B20201211.2000. The issue is in the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua, enabling remote command injection. Several sources confirm this vulnerability with public disclosure and potential exploitation.
CVE-2025-25605
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua...
CVE-2025-25605
Totolink X5000R running 9.1.0u.6369_B20230113 is affected by a command-injection in mtkwifi.lua’s apcli_wps_gen_pincode function. Root cause: input handling in that Lua function allows arbitrary command execution. Impact: network-accessible, authenticated? The CVSS shows network attack, no user i...
PT-2025-7559 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0u.6369 B20230113 Description: The issue concerns a command injection vulnerability via the vif disable function in mtkwifi.lua. Recommendations: For Totolink X5000R version 9.1.0u.6369 B20230113, as a temporary...