4 matches found
EUVD-2025-22116
Malicious code in bioql PyPI...
CVE-2025-44655
The CVE-2025-44655 entry affects TOTOLink devices (A7100RU V7.4, A950RG V5.9, T10 V5.9). The root cause is that chroot_local_user is enabled in vsftpd.conf, which can permit unauthorized access to system files, privilege escalation, or use of the compromised device as a pivot point for internal n...
CVE-2025-28034
TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...
CVE-2025-28034
CVE-2025-28034 affects several TOTOLINK devices (A800R, A810R, A830R, A950RG, A3000RU, A3100R). The vulnerability is a pre-auth remote command execution in the NTPSyncWithHost function via the hostTime parameter. No explicit exploitation details are provided in the documents; exploit status is no...