CVE-2025-4729

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615

Description: A critical issue affects an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. This issue can be exploited remotely.

Recommendations: For TOTOLINK A3002R and A3002RU version 3.0.0-B20230809.1615, as a temporary workaround, consider restricting access to the /boafrm/formMapDelDevice file to minimize the risk of exploitation. Avoid using the macstr argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.