CVE Details
Basic Information
| Title | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection |
|---|---|
| Type | cve |
| Published | 2025-07-08T00:32:07.691Z |
| Modified | 2025-07-08T00:32:07.691Z |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | N200RE |
| Version | 9.3.5u.6095_B20200916 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical vulnerability in TOTOLINK N200RE routers allows remote attackers to execute system commands via OS command injection in the Hostname argument of the cstecgi.cgi file. This could lead to full system compromise. |
|---|---|
| AI Severity | Critical |
| AI Vendor | TOTOLINK |
| AI Product | TOTOLINK N200RE |
| AI Version | 9.3.5u.6095_B20200916, 9.3.5u.6139_B20201216 |
Affected Products
- TOTOLINK N200RE 9.3.5u.6095_B20200916
- TOTOLINK N200RE 9.3.5u.6139_B20201216
Additional Information
| CWE List | CWE-78, CWE-77 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.