CVE-2025-25579
Published: 28 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-25579 is a command injection vulnerability (CWE-78) affecting the TOTOLINK A3002R router running firmware version V4.0.0-B20230531.1404. The flaw resides in the /bin/boa component and is triggered via the "bandstr" parameter, allowing attackers to inject operating system commands. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
Any unauthenticated attacker with network access to the affected device can exploit this vulnerability without user interaction or privileges. Successful exploitation enables remote command execution, granting full control over the router, including data exfiltration, modification of configurations, or disruption of services.
Proof-of-concept exploits are available in public repositories, such as https://gist.github.com/regainer27/0abf6f56eae3fa2826d2551e22c2ace3 and https://github.com/regainer27/totolink_A3002R_remote_command_exec, demonstrating remote command execution capabilities. No official vendor advisories or patches are detailed in the available references.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated OS command injection via the web interface (boa) on a network device (router), enabling exploitation of a public-facing application (T1190) and command/script execution using the network device CLI/interpreter (T1059.008).