CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

June 3, 2025

CVE ID : CVE-2025-5515

Published : June 3, 2025, 6:15 p.m. | 1 hour, 15 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5516 – TOTOLINK X2000R Cross-Site Scripting Vulnerability

Next Article CVE-2025-5513 – Quequnlong Shiyi-Blog Cross-Site Scripting Vulnerability

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CVE-2025-53373 – Natours Host Header Injection Vulnerability

CVE-2025-38335 – Linux Kernel gpio-keys Soft Lockup Vulnerability

I’ve become a big HP fan after reviewing this powerful and premium enterprise AI laptop

Frostpunk 1886 is a reimagining of the original game, and it’s coming in 2027

10 passkey survival tips: The best preparation for a password-less future is to start living there now

⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

CVE-2025-53471 – Emerson ValveLink Input Validation Bypass

CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

Related Posts