CVE-2025-6485 – TOTOLINK A3002R OS Command Injection Vulnerability

June 22, 2025

CVE ID : CVE-2025-6485

Published : June 22, 2025, 5:15 p.m. | 7 hours, 39 minutes ago

Description : A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6487 – TOTOLINK A3002R Stack-Based Buffer Overflow

Next Article CVE-2025-6484 – Code-projects Online Shopping Store SQL Injection

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

Here’s how I fixed a dead Steam Deck screen — with Valve proving they still have the best customer service in gaming

Borderlands 4 drops stunning new story trailer

DistroWatch Weekly, Issue 1127

Exploring Lakebase: Databricks’ Next-Gen AI-Native OLTP Database

Exploring Lakebase: Databricks’ Next-Gen AI-Native OLTP Database

Understanding JavaScript Promise

Lakeflow: Revolutionizing SCD2 Pipelines with Change Data Capture (CDC)

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

I used Lenovo’s latest dual-screen OLED laptop for a month and it wouldn’t be my first choice — here’s why

Here’s how I fixed a dead Steam Deck screen — with Valve proving they still have the best customer service in gaming

Borderlands 4 drops stunning new story trailer

CVE-2025-6485 – TOTOLINK A3002R OS Command Injection Vulnerability

CVE-2025-6478 – CodeAstro Expense Management System CSRF

CVE-2025-6479 – Simple Pizza Ordering System SQL Injection

T-Mobile will give you the Samsung Galaxy S25 Plus for free – how the deal works

Best early Prime Day laptop deals: My 12 favorite sales live now

CVE-2025-5117 – WordPress Property Plugin Privilege Escalation Vulnerability

CVE-2025-6266 – FLIR AX8 Unrestricted File Upload Vulnerability

How to Build a LinkedIn Profile for CA students that Attracts CA Articleship Opportunities

CVE-2025-32404 – RT-Labs P-Net OOB Write Vulnerability

Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters

Enhance Email Validation with Laravel’s Fluent Email Rule Object

CVE-2025-6485 – TOTOLINK A3002R OS Command Injection Vulnerability

Related Posts