CVE-2025-4729 – TOTOLINK A3002R/A3002RU Command Injection Vulnerability

May 15, 2025

CVE ID : CVE-2025-4729

Published : May 16, 2025, 12:15 a.m. | 42 minutes ago

Description : A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4730 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-47930 – Zulip Public Channel Creation Privilege Escalation Vulnerability

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-4729 – TOTOLINK A3002R/A3002RU Command Injection Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

This Week in Laravel: NativePHP for Mobile, Cursor Tips and Stress Testing

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

Switch Between Personas in Laravel With the MultiPersona Package

CVE-2025-5924 – “WordPress Firebase Push Notification CSRF”

CVE-2025-20701 – Airoha Bluetooth Audio SDK Remote Privilege Escalation Vulnerability

CVE-2025-53359 – Ethereum Crate Signature Malleability Vulnerability

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

Smashing Security podcast #422: The curious case of the code copier

CVE-2025-4729 – TOTOLINK A3002R/A3002RU Command Injection Vulnerability

Related Posts