CVE-2025-34319
CRITICAL
TOTOLINK N300RT < V3.4.0-B20250430 - Command Injection
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
References (3)
Core References
Various Sources (patch): https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html
Various Sources (product): https://totolink.tw/support_view/N300RT
Third Party Advisory (third-party-advisory): https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce
Scores
CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS: 0.0191
EPSS Percentile: 83.5%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1)
TOTOLINK/N300RT: < V3.4.0-B20250430
Published: Dec 03, 2025
Tracked Since: Feb 18, 2026