diff --git a/TotoLink/CVE-2020-25499/README.md b/TotoLink/CVE-2020-25499/README.md new file mode 100644 index 0000000..cf2b4da --- /dev/null +++ b/TotoLink/CVE-2020-25499/README.md @@ -0,0 +1,9 @@ +# TOTOLINK routers remote command injection vulnerabilities (CVE-2020-25499) + +TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. + +**FOFA query rule**: [(body="/boafrm/formLogin" && body="dw(password_warning)")](https://fofa.so/result?qbase64=KGJvZHk9Ii9ib2Fmcm0vZm9ybUxvZ2luIiAmJiBib2R5PSJkdyhwYXNzd29yZF93YXJuaW5nKSIp) + +# Demo + +![](TOTOLINK_routers_remote_command_injection_vulnerabilities.gif) \ No newline at end of file diff --git a/TotoLink/CVE-2020-25499/TOTOLINK_routers_remote_command_injection_vulnerabilities.gif b/TotoLink/CVE-2020-25499/TOTOLINK_routers_remote_command_injection_vulnerabilities.gif new file mode 100644 index 0000000..daa2a23 Binary files /dev/null and b/TotoLink/CVE-2020-25499/TOTOLINK_routers_remote_command_injection_vulnerabilities.gif differ
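Review bot: the title line of README.md says "TOTOLINK routers ... vulnerabilities" while the description names a single model and build (A3002RU-V2.0.0 B20190814.1034) and a single 'Run Command' issue, so the affected scope is unclear. State which models and firmware builds were actually confirmed, or narrow the title to the one device and the one vulnerability. The file also ends at the demo GIF with no remediation section: add the fixed firmware version or a vendor advisory link if one exists, and otherwise an interim mitigation such as restricting who can reach and log in to the web management interface, since the description says the issue requires an authenticated user. Smaller points: `# Demo` is a second top-level heading where `## Demo` would keep the title as the only H1, the image has empty alt text so the demo has no textual description, and the file is missing a trailing newline.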