Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A3002r Firmware  Security Vulnerabilities
CVE-2025-45866
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
CVE-2025-45867
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
CVE-2025-25579
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
CVSS Score
9.8
EPSS Score
0.101
Published
2025-03-28
CVE-2025-25610
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25635
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-28
CVE-2025-25609
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa
CVSS Score
8.0
EPSS Score
0.0
Published
2025-02-28
CVE-2024-54907
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-12-26
CVE-2024-34195
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-08-28
CVE-2024-42520
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-08-12
CVE-2024-33820
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved