Command Injection Vulnerability in Totolink A3300R Router
CVE-2025-52046

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: A3300R Router
Vendor: CVE Published:; 17 July 2025

What is CVE-2025-52046?

The Totolink A3300R router has a command injection vulnerability found in the sub_4197C0 function. This issue allows unauthenticated attackers to send specially crafted requests using the mac and desc parameters, potentially executing arbitrary commands on the device. This flaw poses a significant risk as it could lead to unauthorized access and control over affected routers.

References

https://www.notion.so/setWiFiAclRules-A3300R-2108aff2dc8b...

https://github.com/w0rkd4tt/Totolink/blob/main/CVE-2025-5...

EPSS Score

64% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
Jun 16, 2025

JSON