Command Injection Vulnerability in Totolink A3300R Router
CVE-2025-52046

Currently unrated

Key Information:

Vendor: Totolink
Status: A3300R Router
Vendor: CVE Published:; 17 July 2025

What is CVE-2025-52046?

The Totolink A3300R router has a command injection vulnerability found in the sub_4197C0 function. This issue allows unauthenticated attackers to send specially crafted requests using the mac and desc parameters, potentially executing arbitrary commands on the device. This flaw poses a significant risk as it could lead to unauthorized access and control over affected routers.

References

https://www.notion.so/setWiFiAclRules-A3300R-2108aff2dc8b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
Jun 16, 2025