TOTOLINK A3002R/A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formMapDelDevice macstr command injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.09 |
Summary
A vulnerability has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. Manipulation of the argument macstr leads to command injection. This vulnerability is identified as CVE-2025-4729. The attack can be launched remotely. Furthermore, an exploit is available.
Details
A vulnerability has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. Manipulation of the argument macstr leads to command injection. Using CWE to declare the problem leads to CWE-77. The weakness was disclosed. The advisory is shared for download at github.com.
This vulnerability is identified as CVE-2025-4729. The attack can be launched remotely. Technical details are available. Exploitation requires a single authentication. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approximately USD $0-$5k.
The exploit is shared for download at github.com.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.totolink.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.3
CNA Vector: 🔒
CVSSv2
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Command injection
CWE: CWE-77 / CWE-74 / CWE-707
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Access: Public
Status: Proof-of-Concept
Download: 🔒
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation known
Status: 🔍
0-Day Time: 🔒
Timeline
05/15/2025 Advisory disclosed
05/15/2025 VulDB entry created
06/20/2025 VulDB entry last update
Sources
Vendor: totolink.net
Advisory: github.com
Status: Not defined
CVE: CVE-2025-4729 (🔒)
GCVE (CVE): GCVE-0-2025-4729
GCVE (VulDB): GCVE-100-309031
EUVD: 🔒
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 05/15/2025 09:28
Updated: 06/20/2025 16:29
Changes: 05/15/2025 09:28 (56), 05/16/2025 03:37 (1), 05/16/2025 11:43 (30), 06/20/2025 16:29 (1)
Complete: 🔍
Submitter: BabyShark
Cache ID: 253:502:103
Submit
Accepted
- Submit #570686: TOTOLINK A3002RU V3/A3002R_V4 V3.0.0-B20230809.1615 Command execution (by BabyShark)