A3002RU
by Totolink
CVEs (91)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55587 | 0.00 | — | 0.00 | Aug 18, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-55585 | 0.00 | — | 0.00 | Aug 18, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. | |||
| CVE-2025-55584 | 0.00 | — | 0.00 | Aug 18, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | |||
| CVE-2025-55588 | 0.00 | — | 0.00 | Aug 18, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2025-6953 | 0.00 | — | 0.01 | Jul 1, 2025 | A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer… | |||
| CVE-2025-6939 | 0.00 | — | 0.01 | Jul 1, 2025 | A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.… | |||
| CVE-2025-6487 | 0.00 | — | 0.01 | Jun 22, 2025 | A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated… | |||
| CVE-2025-6486 | 0.00 | — | 0.01 | Jun 22, 2025 | A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer… | |||
| CVE-2025-6393 | 0.00 | — | 0.01 | Jun 21, 2025 | A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component… | |||
| CVE-2025-6337 | 0.00 | — | 0.01 | Jun 20, 2025 | A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The… | |||
| CVE-2025-6164 | 0.00 | — | 0.01 | Jun 17, 2025 | A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.… | |||
| CVE-2025-6163 | 0.00 | — | 0.01 | Jun 17, 2025 | A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to… | |||
| CVE-2025-6149 | 0.00 | — | 0.01 | Jun 17, 2025 | A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is… | |||
| CVE-2025-6148 | 0.00 | — | 0.01 | Jun 17, 2025 | A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer… | |||
| CVE-2025-5508 | 0.00 | — | 0.00 | Jun 3, 2025 | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack… | |||
| CVE-2025-5507 | 0.00 | — | 0.00 | Jun 3, 2025 | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The… | |||
| CVE-2025-5506 | 0.00 | — | 0.00 | Jun 3, 2025 | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the… | |||
| CVE-2025-5505 | 0.00 | — | 0.00 | Jun 3, 2025 | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site… | |||
| CVE-2025-45862 | 0.00 | — | 0.00 | May 20, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface. | |||
| CVE-2025-4852 | 0.00 | — | 0.00 | May 18, 2025 | A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated… |
- CVE-2025-55587Aug 18, 2025risk 0.00cvss —epss 0.00
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-55585Aug 18, 2025risk 0.00cvss —epss 0.00
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
- CVE-2025-55584Aug 18, 2025risk 0.00cvss —epss 0.00
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
- CVE-2025-55588Aug 18, 2025risk 0.00cvss —epss 0.00
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-6953Jul 1, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…
- CVE-2025-6939Jul 1, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
- CVE-2025-6487Jun 22, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated…
- CVE-2025-6486Jun 22, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer…
- CVE-2025-6393Jun 21, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component…
- CVE-2025-6337Jun 20, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The…
- CVE-2025-6164Jun 17, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
- CVE-2025-6163Jun 17, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to…
- CVE-2025-6149Jun 17, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is…
- CVE-2025-6148Jun 17, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…
- CVE-2025-5508Jun 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack…
- CVE-2025-5507Jun 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The…
- CVE-2025-5506Jun 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the…
- CVE-2025-5505Jun 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site…
- CVE-2025-45862May 20, 2025risk 0.00cvss —epss 0.00
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
- CVE-2025-4852May 18, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated…
Page 3 of 5