A3002r Firmware
CVE-2024-54907
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
AnalysisAI
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. Affected products include: Totolink A3002R Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in A3002r Firmware
View allTOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severit
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc f
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. Rated critical severi
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. Rated
CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting
Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HT
Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST
CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.
CVE-2025-6487 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B
CVE-2025-6486 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated hig
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. Rated high severity (CVSS 8.0), this vul
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today