OS Command Injection Vulnerability in TOTOLINK A3002R Router
CVE-2025-55589
6.5 MEDIUM
What is CVE-2025-55589?
The TOTOLINK A3002R router has been found to have multiple OS command injection vulnerabilities that can be exploited through specific parameters in the device's web interface. Attackers leveraging the macstr, bandstr, and clientoff parameters at the /boafrm/formMapDelDevice endpoint can execute arbitrary OS commands, potentially compromising the router's operation and security. It is crucial for users of affected versions to apply updates or patches to mitigate these risks promptly.
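Until a fixed firmware is installed, requests to this endpoint can be screened for shell metacharacters in the three named parameters, for example in a reverse proxy or when reviewing captured traffic. The following is an added example, not code from TOTOLINK or from the advisory; `suspicious_params` and `scan` are hypothetical helpers, and the metacharacter set and sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/boafrm/formMapDelDevice"          # endpoint named in the advisory
PARAMS = ("macstr", "bandstr", "clientoff")    # parameters named in the advisory
# Assumed set of characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")


def suspicious_params(path, body):
    """Return the sorted names of advisory parameters whose decoded
    value contains a shell metacharacter; [] for other endpoints."""
    url = urlsplit(path)
    if url.path != ENDPOINT:
        return []
    # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return sorted({k for k, v in pairs if k in PARAMS and SHELL_META.search(v)})


def scan(requests):
    """Return (index, flagged parameter names) for each suspicious request."""
    hits = []
    for i, (path, body) in enumerate(requests):
        flagged = suspicious_params(path, body)
        if flagged:
            hits.append((i, flagged))
    return hits


# Constructed sample requests (path, form body); values are illustrative only.
SAMPLES = [
    ("/boafrm/formMapDelDevice", "macstr=aabbccddeeff&bandstr=5G&clientoff=1"),
    ("/boafrm/formMapDelDevice", "macstr=aabbccddeeff%3Becho+test&bandstr=5G&clientoff=1"),
    ("/boafrm/formMapDelDevice", "macstr=aabbccddeeff&bandstr=5G%60echo%60&clientoff=1|echo"),
    ("/boafrm/formOther", "macstr=a%3Bb"),
]

if __name__ == "__main__":
    for index, names in scan(SAMPLES):
        print(f"request {index}: suspicious values in {', '.join(names)}")
```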
