← volver
CVE-2025-34319

TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

CVSS 9.3 CRITICALEPSS 4.2%CWE-78
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
TOTOLINK · N300RT

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://totolink.tw/support_view/N300RThttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.htmlhttps://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce