A3002ru Firmware
CVE-2023-48859
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.
AnalysisAI
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. Affected products include: Totolink A3002Ru Firmware. Version information: version 2.0.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
More in A3002ru Firmware
View allTOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via th
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via t
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin use
CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others)
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HT
CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an un
Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attack
Same weakness CWE-863 – Incorrect Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today