TOTOLINK N350R Telnet Service formSysTel backdoor_CVE-2025-8938

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8938

Source VulDB

Published Aug 14, 2025 at 05:02

Affected Product

Vendor TOTOLINK

Product N350R

Version 1.2.3-B20130826

Affected Versions TOTOLINK N350R 1.2.3-B20130826

CWE Classification

CWE-912

References

{
    "lastseen": "",
    "description": "A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-14T05:02:09.169Z",
    "modified": "2025-08-14T05:02:09.169Z",
    "type": "cve",
    "title": "TOTOLINK N350R Telnet Service formSysTel backdoor",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319901\nhttps://vuldb.com/?ctiid.319901\nhttps://vuldb.com/?submit.631837\nhttps://github.com/rew1X/CVE/blob/main/TOTOLINK/formSysTel/formSysTel.md\nhttps://github.com/rew1X/CVE/blob/main/TOTOLINK/formSysTel/formSysTel.md#poc\nhttps://www.totolink.net/",
    "id": "CVE-2025-8938",
    "bulletinFamily": "",
    "cwe": [
        "CWE-912"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK N350R 1.2.3-B20130826",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N350R",
    "version": "1.2.3-B20130826",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}