TOTOLINK N300RT

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

AI Analysis

OS command injection vulnerability in Boa formWsc handling functionality

Basic Information

ID CVE-2025-34319

Source VulnCheck

Published Dec 3, 2025 at 16:49

Modified Dec 3, 2025 at 21:27

Affected Product

Vendor TOTOLINK

Product N300RT

Version V2.1.8-B20201030.1539, V3.4.0-B20250430

Affected Versions TOTOLINK N300RT 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor TOTOLINK

Product N300RT wireless router

Version V2.1.8-B20201030.1539, V3.4.0-B20250430

References

{
    "lastseen": "",
    "description": "TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.",
    "published": "2025-12-03T16:49:11.306Z",
    "modified": "2025-12-03T21:27:04.052Z",
    "type": "cve",
    "title": "TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE",
    "source": "VulnCheck",
    "references": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html\nhttps://totolink.tw/support_view/N300RT\nhttps://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce",
    "id": "CVE-2025-34319",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK N300RT 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RT",
    "version": "V2.1.8-B20201030.1539, V3.4.0-B20250430",
    "vendor": "TOTOLINK",
    "ai_description": "OS command injection vulnerability in Boa formWsc handling functionality",
    "ai_severity": "Critical",
    "ai_vendor": "TOTOLINK",
    "ai_product": "N300RT wireless router",
    "ai_version": "V2.1.8-B20201030.1539, V3.4.0-B20250430",
    "ai_score": 9.3
}

TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE_CVE-2025-34319