TOTOLINK N300RB 8.54 – Command Execution

July 16, 2025 invoker category_exploit

Exploit Details

Basic Information

Exploit Title TOTOLINK N300RB 8.54 – Command Execution
Exploit ID EDB-ID:52363
Type exploitdb
Published 2025-07-16T00:00:00
Modified 2025-07-16T00:00:00

CVSS Information

CVSS Score 8.8
Severity HIGH
Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Information

  • CVE-2025-52089

Exploit Description

Title: TOTOLINK N300RB 8.54 – Command Execution Author: Skander BELABED – Magellan Sécurité Date: 07/11/2025 Vendor: TOTOLINK Product:…

Exploit Code

# Title: TOTOLINK N300RB 8.54 – Command Execution

# Author: Skander BELABED – Magellan Sécurité

# Date: 07/11/2025

# Vendor: TOTOLINK

# Product: N300RB

# Firmware version: 8.54

# CVE: CVE-2025-52089

## Description:

A hidden remote support feature protected by a static secret in TOTOLINK

N300RB firmware version 8.54 allows an authenticated attacker to execute

arbitrary OS commands with root privileges.

# Reproduce:

[href](

https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/)

View Full Exploit Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.