CVE-2025-4462 – TOTOLINK N150RT Buffer Overflow Vulnerability

May 9, 2025

CVE ID : CVE-2025-4462

Published : May 9, 2025, 5:15 a.m. | 59 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4461 – TOTOLINK N150RT Cross-Site Scripting Vulnerability

Next Article CVE-2025-47736 – SQLite3 Parser Invalid UTF-8 Input Crash

Highlights

CVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3882

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-4462 – TOTOLINK N150RT Buffer Overflow Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

New to Linux? Don’t try these 7 distros (yet)

CVE-2025-6518 – Apache Jinja2 Template Handler Remote Template Injection Vulnerability

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

CVE-2025-3835 – Zohocorp ManageEngine Exchange Reporter Plus Remote Code Execution Vulnerability

CVE-2025-3882 – eCharge Hardy Barth cPH2 Command Injection Remote Code Execution Vulnerability

A Coding Implementation for Advanced Multi-Head Latent Attention and Fine-Grained Expert Segmentation

YouTube Asks Users to Check Reason for ‘Interruptions’ Amid Ad Blocker Warnings—Directs Them to Help Page

CVE-2025-2254 – GitLab Cross-Site Scripting (XSS) Vulnerability

CVE-2025-4462 – TOTOLINK N150RT Buffer Overflow Vulnerability

Related Posts