CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

June 3, 2025

CVE ID : CVE-2025-5515

Published : June 3, 2025, 6:15 p.m. | 1 hour, 15 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5516 – TOTOLINK X2000R Cross-Site Scripting Vulnerability

Next Article CVE-2025-5513 – Quequnlong Shiyi-Blog Cross-Site Scripting Vulnerability

Highlights

CVE-2025-5235 – OpenSheetMusicDisplay for WordPress Stored Cross-Site Scripting

May 30, 2025

CVE ID : CVE-2025-5235

Published : May 30, 2025, 10:15 a.m. | 1 hour, 41 minutes ago

Description : The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks

svelte vs react

The Role of Prosody in Spoken Question Answering

Amazon Q Developer gets new agentic coding experience in Visual Studio Code

Celebrating GAAD by Committing to Universal Design: Starting with Equitable Use for Everyone

CVE-2025-5235 – OpenSheetMusicDisplay for WordPress Stored Cross-Site Scripting

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection!

CVE-2025-4913 – PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

CVE-2024-41446 – Alkacon OpenCMS Stored XSS Vulnerability

CVE-2025-5515 – TOTOLINK X2000R Command Injection Vulnerability

Related Posts