CVE-2025-45800

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112

Description The issue concerns a command execution vulnerability in the setDeviceName interface of the /lib/cste modules/global.so library. This vulnerability is specifically related to the processing of the deviceMac parameter.

Recommendations For TOTOLINK A950RG version 4.1.2cu.5204 B20210112, consider restricting access to the setDeviceName interface in the /lib/cste modules/global.so library to minimize the risk of exploitation. Avoid using the deviceMac parameter in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-05367

CVE-2025-45800

Affected Products

Totolink A950Rg

Global.So

CVE-2025-45800

Weakness Enumeration

Related Identifiers

Affected Products

References · 9