← voltar
CVE-2025-34319

TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

CVSS 9.3 CRITICALEPSS 4.2%CWE-78
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
TOTOLINK · N300RT

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://totolink.tw/support_view/N300RThttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.htmlhttps://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce