Totolink A3002r Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink A3002r Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (61)
CVE-2024-34195 — CVSS 9.8 (critical): TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling…
CVE-2025-55591 — CVSS 9.8 (critical): TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the…
CVE-2025-45865 — CVSS 9.8 (critical): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.
CVE-2025-45863 — CVSS 9.8 (critical): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice…
CVE-2025-45861 — CVSS 9.8 (critical): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.
CVE-2025-45858 — CVSS 9.8 (critical): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVE-2022-40109 — CVSS 9.8 (critical): TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
CVE-2024-42520 — CVSS 9.8 (critical): TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
CVE-2022-40111 — CVSS 9.8 (critical): In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
CVE-2025-6487 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute…
CVE-2024-54907 — CVSS 8.8 (high): TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
CVE-2025-4730 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is…
CVE-2025-4731 — CVSS 8.8 (high): A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of…
CVE-2025-4732 — CVSS 8.8 (high): A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown…
CVE-2025-4733 — CVSS 8.8 (high): A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects…
CVE-2025-4823 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue…
CVE-2025-4824 — CVSS 8.8 (high): A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown…
CVE-2025-4825 — CVSS 8.8 (high): A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects…
CVE-2025-4826 — CVSS 8.8 (high): A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue…
CVE-2025-4827 — CVSS 8.8 (high): A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an…
CVE-2025-4829 — CVSS 8.8 (high): A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability…
CVE-2025-4830 — CVSS 8.8 (high): A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by…
CVE-2025-4831 — CVSS 8.8 (high): A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an…
CVE-2025-4832 — CVSS 8.8 (high): A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability…
CVE-2025-4833 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some…
CVE-2025-4834 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an…
CVE-2025-4835 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this…
CVE-2025-6149 — CVSS 8.8 (high): A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file…
CVE-2025-6164 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the…
CVE-2025-6337 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical…
CVE-2025-6393 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1…
CVE-2025-6486 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the…
CVE-2020-25499 — CVSS 8.8 (high): TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this…
CVE-2025-25610 — CVSS 8.0 (high): TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation…
CVE-2025-25635 — CVSS 8.0 (high): TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation…
CVE-2025-25609 — CVSS 8.0 (high): TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation…
CVE-2024-33820 — CVSS 7.5 (high): Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the…
CVE-2025-55586 — CVSS 7.5 (high): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This…
CVE-2022-40112 — CVSS 7.5 (high): TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.
CVE-2022-40110 — CVSS 7.5 (high): TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
CVE-2025-55588 — CVSS 7.5 (high): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This…
CVE-2025-55587 — CVSS 7.5 (high): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice…
CVE-2025-55585 — CVSS 6.5 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
CVE-2025-55589 — CVSS 6.5 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and…
CVE-2025-45862 — CVSS 6.5 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s…
CVE-2025-55590 — CVSS 6.5 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
CVE-2025-6485 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function…
CVE-2025-4729 — CVSS 6.3 (medium): A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this…
CVE-2021-34207 — CVSS 6.1 (medium): Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute…
CVE-2021-34228 — CVSS 6.1 (medium): Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to…
CVE-2021-34223 — CVSS 6.1 (medium): Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute…
CVE-2021-34220 — CVSS 6.1 (medium): Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute…
CVE-2021-34215 — CVSS 6.1 (medium): Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute…
CVE-2025-45859 — CVSS 5.4 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice…
CVE-2025-45866 — CVSS 5.4 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s…
CVE-2025-45864 — CVSS 5.4 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s…
CVE-2025-45867 — CVSS 5.4 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup…
CVE-2021-34218 — CVSS 5.3 (medium): Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/…
CVE-2025-55584 — CVSS 5.3 (medium): TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVE-2025-4852 — CVSS 2.4 (low): A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some…