CVE Details
Basic Information
| Title | TOTOLINK N150RT formWSC os command injection |
|---|---|
| Type | cve |
| Published | 2025-06-20T02:00:18.242Z |
| Last Seen |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | N150RT |
| Version | 3.4.0-B20190525 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in TOTOLINK N150RT version 3.4.0-B20190525 allows remote OS command injection via the formWSC module. This can lead to full system compromise. |
|---|---|
| AI Severity | High |
| Vendor | TOTOLINK |
| Product | N150RT |
| Affected Version | 3.4.0-B20190525 |
Affected Products
- TOTOLINK N150RT 3.4.0-B20190525
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-78, CWE-77 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.