CVE-2025-55590 – This CVE describes a command injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-55590?

CVE-2025-55590 has a CVSS score of 6.5 (MEDIUM). This CVE describes a command injection vulnerability in TOTOLINK A3002R routers via the bupload.html component. Attackers can execute arbitrary commands on affected devices, potentially compromising the entire router. This affects users running vulnerable firmware versions of the TOTOLINK A3002R router.

📋 TL;DR

This CVE describes a command injection vulnerability in TOTOLINK A3002R routers via the bupload.html component. Attackers can execute arbitrary commands on affected devices, potentially compromising the entire router. This affects users running vulnerable firmware versions of the TOTOLINK A3002R router.

💻 Affected Systems

Products:

TOTOLINK A3002R

Versions: v4.0.0-B20230531.1404 and potentially earlier versions

Operating Systems: Embedded Linux (Boa web server)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface component bupload.html. Default configurations are vulnerable.

📦 What is this software?

A3002r Firmware by Totolink

View all CVEs affecting A3002r Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attacker to install persistent backdoors, intercept all network traffic, pivot to internal networks, or brick the device.

🟠

Likely Case

Router takeover enabling traffic interception, DNS hijacking, credential theft, and lateral movement to connected devices.

🟢

If Mitigated

Limited impact if router is isolated from critical networks and has restricted administrative access.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them accessible to remote attackers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access or through phishing/social engineering.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Proof of concept available on GitHub. Exploitation requires access to the web interface, which typically requires authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check TOTOLINK for updated firmware

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware for A3002R. 3. Log into router web interface. 4. Navigate to System Tools > Firmware Upgrade. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable web management interface

all

Disable the vulnerable web interface component to prevent exploitation

Restrict administrative access

all

Limit web interface access to specific IP addresses only

🧯 If You Can't Patch

Isolate router on separate VLAN away from critical systems
Implement strict firewall rules to block external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at System Status > Device Info

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify firmware version is newer than v4.0.0-B20230531.1404 and test bupload.html functionality

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed login attempts followed by bupload.html access
Suspicious file uploads via web interface

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router
DNS queries to suspicious domains

SIEM Query:

source="router_logs" AND ("bupload.html" OR "command injection" OR "shell_exec")

📊 Metadata

CVE ID: CVE-2025-55590

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-77

EPSS Score: 4.29% exploit probability (88.6th percentile)

Published: August 18, 2025

Last Updated: August 21, 2025

🔗 References

https://github.com/goldenGlow21/softwares_PoC/blob/main/A3002R_V4/Boa%20-%20Command%20Injection/PoC%203.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55590, you might also want to check these: