CVE-2025-7154

Name of the Vulnerable Software and Affected Versions: TOTOLINK N200RE versions 9.3.5u.6095 B20200916 through 9.3.5u.6139 B20201216

Description: A critical issue has been found, affecting the function sub 41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. This issue can be exploited remotely.

Recommendations: For versions 9.3.5u.6095 B20200916 through 9.3.5u.6139 B20201216, as a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file to minimize the risk of exploitation. Avoid using the Hostname argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.