Command Injection Vulnerability in TOTOLINK A3002R and A3002RU
CVE-2025-4729
5.3 MEDIUM
Key Information:
👾 Exploit Exists
What is CVE-2025-4729?
A command injection vulnerability exists in the TOTOLINK A3002R and A3002RU models, in the formMapDelDevice functionality of the HTTP POST Request Handler. An attacker can manipulate the 'macstr' parameter, potentially leading to unauthorized command execution. The vulnerability can be exploited remotely, posing a significant risk to affected devices. Users should take immediate precautions to mitigate the impact by applying available patches and updating device firmware as necessary.
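As an added example (not from the advisory or the vendor), the following detection-side check flags POST bodies whose 'macstr' value is not a plain MAC address, for use on proxy or WAF logs in front of an affected device. It assumes form-encoded bodies and that a legitimate value is 12 hex digits with an optional uniform ':' or '-' separator; the page does not state the format the firmware accepts, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate macstr is 12 hex digits, optionally split into
# pairs by one consistent separator (':' or '-'). Everything else is flagged.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def check_macstr(body: str) -> list[str]:
    """Return reasons to flag a form-encoded POST body (empty list = clean)."""
    fields = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    values = fields.get("macstr")
    if values is None:
        return []  # request does not carry the parameter at all
    reasons = []
    if len(values) > 1:
        # Duplicate parameters are a common way to slip past naive filters.
        reasons.append("macstr supplied more than once")
    for value in values:
        if not MAC_RE.fullmatch(value):
            reasons.append(f"macstr is not a MAC address: {value!r}")
    return reasons


def scan(records):
    """Yield (source, reasons) for every logged request that should be reviewed."""
    for source, body in records:
        reasons = check_macstr(body)
        if reasons:
            yield source, reasons


# Constructed sample log records: (client address, raw POST body).
SAMPLE = [
    ("192.0.2.10", "macstr=aa%3Abb%3Acc%3Add%3Aee%3Aff&submit=Delete"),
    ("192.0.2.11", "macstr=AABBCCDDEEFF"),
    ("198.51.100.7", "macstr=aa%3Abb%3Acc%3Add%3Aee%3Aff%3Becho+x"),
    ("198.51.100.8", "macstr=aa%3Abb-cc%3Add%3Aee%3Aff"),
]

if __name__ == "__main__":
    for source, reasons in scan(SAMPLE):
        print(source, "->", "; ".join(reasons))
```

The check is an allowlist on the decoded value rather than a blocklist of shell metacharacters, so it does not depend on knowing how the handler builds its command.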
Affected Version(s)
A3002R 3.0.0-B20230809.1615
A3002RU 3.0.0-B20230809.1615