3 matches found
CVE-2025-34319 TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 discovered in V2.1.8-B20201030.1539 contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via...
EUVD-2025-28714
Malicious code in bioql PyPI...
The vulnerability of the built-in web server boa (/boa/formWSC) in TOTOLINK N150RT router’s microprogramming software allows a intruder to execute arbitrary commands.
The vulnerability of the built-in web server boa /boa/formWSC of TOTOLINK N150RT routers is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the targetAPSsid parameter. Exploiting this vulnerability allows a remote...