CVE-2025-6299

Name of the Vulnerable Software and Affected Versions TOTOLINK N150RT version 3.4.0-B20190525

Description A critical issue has been discovered, affecting an unknown part of the file /boa/formWSC. The manipulation of the targetAPSsid argument leads to os command injection. This issue can be exploited remotely.

Recommendations For TOTOLINK N150RT version 3.4.0-B20190525, as a temporary workaround, consider restricting access to the /boa/formWSC endpoint and avoid using the targetAPSsid argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.