A3002r Firmware Security Vulnerabilities and Issues — A3002r Firmware CVE List

Lucene search

TotolinkA3002r Firmware

11 matches found

CVE•added 2021/08/20 5:15 p.m.•54 views

CVE-2021-34207

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

6.1CVSS6.4AI score0.00212EPSS

Web

CVE•added 2021/08/20 5:15 p.m.•42 views

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.

6.1CVSS6.3AI score0.00191EPSS

CVE•added 2021/08/20 5:15 p.m.•42 views

CVE-2021-34228

Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.

6.1CVSS6.4AI score0.01806EPSS

CVE•added 2021/08/20 5:15 p.m.•39 views

CVE-2021-34220

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.

6.1CVSS6.4AI score0.00191EPSS

CVE•added 2021/08/20 5:15 p.m.•38 views

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.

6.1CVSS6.3AI score0.00191EPSS

CVE•added 2025/05/16 12:15 a.m.•26 views

CVE-2025-4729

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads ...

6.5CVSS7AI score0.02873EPSS

Web

CVE•added 2025/05/20 2:15 p.m.•23 views

CVE-2025-45862

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.

6.5CVSS7.5AI score0.0008EPSS

CVE•added 2025/06/22 5:15 p.m.•8 views

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remote...

6.5CVSS6.9AI score0.1236EPSS

Web

CVE•added 4 days ago•4 views

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.

6.5CVSS8.2AI score0.03475EPSS

CVE•added 4 days ago•3 views

CVE-2025-55585

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.

6.5CVSS7.9AI score0.00039EPSS

CVE•added 4 days ago•3 views

CVE-2025-55590

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.

6.5CVSS8.2AI score0.03475EPSS