Yang In Gyu - Security Researcher - Exploit Intelligence Platform

CVE-2025-55584 WRITEUP MEDIUM WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - Info Disclosure

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.

CVSS 5.3

View Code

CVE-2025-55585 WRITEUP MEDIUM WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.

CVSS 6.5

View Code

CVE-2025-55586 WRITEUP HIGH WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - DoS

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS 7.5

View Code

CVE-2025-55587 WRITEUP HIGH WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - DoS

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS 7.5

View Code

CVE-2025-55588 WRITEUP HIGH WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - DoS

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS 7.5

View Code

CVE-2025-55589 WRITEUP MEDIUM WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.

CVSS 6.5

View Code

CVE-2025-55590 WRITEUP MEDIUM WRITEUP

TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.

CVSS 6.5

View Code

CVE-2025-55591 WRITEUP CRITICAL WRITEUP

TOTOLINK-A3002R v4.0.0-B20230531.1404 - Command Injection

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

CVSS 9.8

View Code