CVE Details
Basic Information
| Title | TOTOLINK A3002R formWlSiteSurvey os command injection |
|---|---|
| Type | cve |
| Published | 2025-06-22T17:00:16.977Z |
| Last Seen | |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | A3002R |
| Version | 1.1.1-B20200824.0128 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in TOTOLINK A3002R’s formWlSiteSurvey function allows remote OS command injection via the wlanif argument, enabling attackers to execute arbitrary commands. |
|---|---|
| AI Severity | High |
| Vendor | TOTOLINK |
| Product | A3002R |
| Affected Version | 1.1.1-B20200824.0128 |
Affected Products
- TOTOLINK A3002R 1.1.1-B20200824.0128
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-78, CWE-77 |
| Bulletin Family | |
Description
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.