CVE-2025-34319
CVE-2025-34319
9.3
CriticalPublished:
Last updated:
Source:disclosure@vulncheck.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
References
disclosure@vulncheck.com
https://totolink.tw/support_view/N300RTdisclosure@vulncheck.com
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.htmldisclosure@vulncheck.com
https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce