Jeong Yun Ho

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The TOTOLINK A3002R device was found to have an eval injection issue due to the use of the `eval()` function. This allows for potential code execution. Recommendations: Update to a newer version that does not utilize the `eval()` function.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The TOTOLINK A3002R router firmware contains multiple OS command injection vulnerabilities. These vulnerabilities are located in the `/boafrm/formMapDelDevice` endpoint and can be triggered via the `macstr`, `bandstr`, and `clientoff` parameters. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.