A3002r Firmware Security Vulnerabilities and Issues — Page 2 of A3002r Firmware CVE List

Lucene search

TotolinkA3002r Firmware

61 matches found

cve•added 2025/06/22 5:15 p.m.•9 views

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remote...

6.5CVSS6.9AI score0.1093EPSS

Web

cve•added 2025/06/22 6:15 p.m.•9 views

CVE-2025-6486

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be...

9CVSS8.9AI score0.00163EPSS

cve•added 2025/06/20 12:15 p.m.•7 views

CVE-2025-6337

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argum...

9CVSS7.3AI score0.00192EPSS

Web

cve•added 2025/08/18 8:15 p.m.•6 views

CVE-2025-55585

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.

6.5CVSS7.9AI score0.00128EPSS

cve•added 2025/08/18 8:15 p.m.•6 views

CVE-2025-55586

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS7.7AI score0.00181EPSS

Web

cve•added 2025/08/18 8:15 p.m.•6 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.

6.5CVSS8.2AI score0.11176EPSS

Web

cve•added 2025/08/18 8:15 p.m.•5 views

CVE-2025-55584

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.

5.3CVSS7.7AI score0.00126EPSS

cve•added 2025/08/18 8:15 p.m.•5 views

CVE-2025-55587

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS7.7AI score0.00181EPSS

Web

cve•added 2025/08/18 8:15 p.m.•5 views

CVE-2025-55588

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS7.7AI score0.00181EPSS

Web

cve•added 2025/08/18 8:15 p.m.•5 views

CVE-2025-55590

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.

6.5CVSS8.2AI score0.11176EPSS

cve•added 2025/08/18 8:15 p.m.•5 views

CVE-2025-55591

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

9.8CVSS8.1AI score0.05757EPSS

Total number of security vulnerabilities61