CVE-2025-5502 – TOTOLINK X15 Command Injection Vulnerability

June 3, 2025

CVE ID : CVE-2025-5502

Published : June 3, 2025, 2:15 p.m. | 1 hour, 14 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCinecred creates film credits without the pain

Next Article CVE-2025-5501 – Open5GS NGAP PathSwitchRequest Message Handler Remote Assertion Vulnerability

Highlights

CVE-2025-9046 – Tenda AC20 Stack-Based Buffer Overflow Vulnerability

August 15, 2025

CVE ID : CVE-2025-9046

Published : Aug. 15, 2025, 11:15 a.m. | 12 hours, 53 minutes ago

Description : A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-5502 – TOTOLINK X15 Command Injection Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

CVE-2025-32421 – Next.js Race Condition Page Prop Exposure

CVE-2025-47273 – Setuptools Remote Code Execution via Path Traversal

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777

OpenAI rolls out new o3-pro AI model to ChatGPT Pro subscribers

CVE-2025-9046 – Tenda AC20 Stack-Based Buffer Overflow Vulnerability

Apple’s App Store shaken: Court ends ‘Apple tax’ on external purchases

Why and how to unlock proprietary data to drive AI success

CVE-2010-20111 – Digital Music Pad Buffer Overflow Vulnerability

CVE-2025-5502 – TOTOLINK X15 Command Injection Vulnerability

Related Posts