CVE-2025-4729

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published: May 16, 2025
Updated: May 17, 2025
CVE: CVE-2025-4729
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
totolink / a3002r_firmware	3.0.0-b20230809.1615	3.0.0-b20230809.1615.x
totolink / a3002ru_firmware	3.0.0-b20230809.1615	3.0.0-b20230809.1615.x

https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/2.md
https://vuldb.com/?ctiid.309031
https://vuldb.com/?id.309031
https://vuldb.com/?submit.570686
https://www.totolink.net/

Vulnerability Database

290,273

CVE-2025-4729