CVE-2025-52046 – Totolink A3300R Command Injection Vulnerability

July 17, 2025

CVE ID : CVE-2025-52046

Published : July 17, 2025, 4:15 p.m. | 2 hours, 21 minutes ago

Description : Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53867 – Island Lake WebBatch Remote Code Execution Vulnerability

Next Article CVE-2023-41566 – OA EKP Arbitrary Download Vulnerability

Highlights

CVE-2025-35008 – Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-35008

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-52046 – Totolink A3300R Command Injection Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-46731 – Craft CMS SSTI Remote Code Execution Vulnerability

SmartOS – Type 1 Hypervisor platform based on illumos

I hate spending money on PCs — that’s why I recommend these affordable mini PCs instead of a desktop or laptop on Prime Day

Vibe Coding: Game Changer or Catastrophe For App/Game Dev?

CVE-2025-35008 – Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

CVE-2025-6844 – Simple Forum SQL Injection Vulnerability

Distribution Release: AlmaLinux OS 9.6

CVE-2025-3785 – D-Link DWR-M961 Stack-Based Buffer Overflow Vulnerability

CVE-2025-52046 – Totolink A3300R Command Injection Vulnerability

Related Posts