TOTOLINK A3002R/A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formMapDelDevice macstr amalungelo andlule
| CVSS Meta Temp Isilinganiso | Intengo yamanje ye-exploit (≈) | CTI Inzalo Score |
|---|---|---|
| 6.0 | $0-$5k | 0.09 |
Isifinyezo
Kubonakale ubuthakathaka obubizwa ngokuthi kubalulekile kakhulu ku TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Kuthintekile umsebenzi $software_function kufayela /boafrm/formMapDelDevice kwe-component HTTP POST Request Handler. Ukuphathwa kwepharamitha macstr kuholela ku amalungelo andlule.
Le buthakathaka itholakala njenge CVE-2025-4729. Ukuhlasela kungaqalwa kude. Ngaphezu kwalokho, i-exploit ikhona.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Iinkcukacha
Kubonakale ubuthakathaka obubizwa ngokuthi kubalulekile kakhulu ku TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Kuthintekile umsebenzi $software_function kufayela /boafrm/formMapDelDevice kwe-component HTTP POST Request Handler. Ukuphathwa kwepharamitha macstr kuholela ku amalungelo andlule. Ukusebenzisa i-CWE ukusho inkinga kuholela ku-CWE-77. Kuboniswe ubuthakathaka lolu. Isaziso singalayishwa ku-github.com.
Le buthakathaka itholakala njenge CVE-2025-4729. Ukuhlasela kungaqalwa kude. Kukhona imininingwane yezobuchwepheshe etholakalayo. Le vulnerability ayidumi kakhulu, idlula phansi kokujwayelekile. Ngaphezu kwalokho, i-exploit ikhona. Ukuhlaselwa sekudalulwe ebantwini futhi kungasetshenziswa. Okwamanje, intengo yamanje ye-exploit ingaba cishe USD $0-$5k ngalesi sikhathi.
Ungakwazi ukulanda i-exploit ku-github.com.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Umkhiqizo
Umkhiqizi
Ibizo
Inguqulo
Ilayisense
Iwebhusayithi
- Umkhiqizi: https://www.totolink.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Umkhombandlela: 🔒VulDB Ukuthembeka: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Umkhombandlela: 🔒
CVSSv3
VulDB Ireyithingi yeMeta Base: 6.3VulDB Meta Temp Isilinganiso: 6.0
VulDB Isilinganiso Esiyisisekelo: 6.3
VulDB Izinga Lesikhashana: 5.7
VulDB Umkhombandlela: 🔒
VulDB Ukuthembeka: 🔍
CNA Isilinganiso Esiyisisekelo: 6.3
CNA Umkhombandlela: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Umkhombandlela | Ubunzima | Ukufakazela ubuwena | Ukuyimfihlo | Ukuthembeka | Ukutholakala |
|---|---|---|---|---|---|
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
VulDB Isilinganiso Esiyisisekelo: 🔒
VulDB Izinga Lesikhashana: 🔒
VulDB Ukuthembeka: 🔍
Ukusebenzisa ithuba lokungavikeleki
Ikilasi: Amalungelo andluleCWE: CWE-77 / CWE-74 / CWE-707
CAPEC: 🔒
ATT&CK: 🔒
Okubambekayo: Hayi
Wendawo: Hayi
Kude: Yebo
Ukutholakala: 🔒
Umnyango: Umphakathi
Isimo: Ubufakazi-bokusebenza
Landa: 🔒
EPSS Score: 🔒
EPSS Percentile: 🔒
Ukukhula kwentengo: 🔍
Okwamanje ukuhlolwa kwentengo: 🔒
| 0-Day | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
|---|---|---|---|---|
| Namuhla | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
Ulwazi lwezingozi
Intshisekelo: 🔍Abadlali abasebenzayo: 🔍
AmaQembu e-APT asebenzayo: 🔍
Izinyathelo zokuvikela
Isincomo: akukho sithathwa esaziwayoIsimo: 🔍
0-Suku Isikhathi: 🔒
Isikhathi somlando
2025-05-15 Isaziso sikhishwe2025-05-15 VulDB okokungena kwenziwe
2025-06-20 VulDB okungenelelwe ukubuyekezwa kokugcina
Imithombo
Umkhiqizi: totolink.netIseluleko: github.com
Isimo: Akuchazwanga
CVE: CVE-2025-4729 (🔒)
GCVE (CVE): GCVE-0-2025-4729
GCVE (VulDB): GCVE-100-309031
EUVD: 🔒
scip Labs: https://www.scip.ch/en/?labs.20161013
Ukungena
Kudalwa: 2025-05-15 09:28Ukuvuselelwa: 2025-06-20 16:29
Ukulungiswa: 2025-05-15 09:28 (56), 2025-05-16 03:37 (1), 2025-05-16 11:43 (30), 2025-06-20 16:29 (1)
Kugcwele: 🔍
Umthumeli: BabyShark
Cache ID: 253:FDA:103
Thumela
Yamukelwa
- Thumela #570686: TOTOLINK A3002RU V3/A3002R_V4 V3.0.0-B20230809.1615 Command execution (kusuka ku BabyShark)
Kuze kube manje akukabikho ukuphawula. Izilimi: nr + nd + en.
Ngiyacela ungene ngemvume ukuze ukwazi ukuphawula.