PT-2025-48962 · Totolink · Totolink N300Rt
Shiyi Xie
+2
·
Published
2025-12-03
·
Updated
2025-12-03
·
CVE-2025-34319
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TOTOLINK N300RT versions prior to V3.4.0-B20250430
Description
The TOTOLINK N300RT wireless router firmware contains an OS command injection issue in the Boa formWsc handling functionality. An unauthenticated attacker can trigger command execution by sending specially crafted requests through the
targetAPSsid parameter.Recommendations
Update to version V3.4.0-B20250430 or later.
Fix
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink N300Rt