PT-2025-20923 · Totolink · Totolink A3002Ru
Published
2025-05-13
·
Updated
2025-05-23
·
CVE-2025-45858
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
TOTOLINK A3002R version 4.0.0-B20230531.1404
Description:
A command injection issue was discovered via the
FUN 00459fdc function. This allows for potential exploitation.Recommendations:
For TOTOLINK A3002R version 4.0.0-B20230531.1404, consider restricting access to the
FUN 00459fdc function as a temporary workaround until a patch is available.Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3002Ru