TOTOLINK N300RT OS Command Injection Vulnerability in Boa formWsc Handling

Vulnerability

A command injection vulnerability has been identified in the TOTOLINK N300RT wireless router, affecting firmware versions prior to V3.4.0-B20250430. This vulnerability arises in the Boa web server's formWsc handling, where an unauthenticated attacker can execute arbitrary commands by sending specially crafted requests that include the targetAPSsid parameter.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the router.

Remediation

Users can upgrade to TOTOLINK N300RT firmware version V3.4.0-B20250430 to address this vulnerability.
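
A fleet check for the remediation above, added here as an example and not code from TOTOLINK or this advisory: it flags N300RT devices whose firmware is older than V3.4.0-B20250430. The version format (V<major>.<minor>.<patch>-B<YYYYMMDD>), the ordering rule (version numbers first, then build date), the inventory entries and all function names are assumptions.

```python
import re
from typing import NamedTuple, Optional

FIXED = "V3.4.0-B20250430"  # fixed release named in the advisory

# Assumed format, inferred from the single version string on the page:
# V<major>.<minor>.<patch>-B<YYYYMMDD>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)-B(\d{8})$", re.IGNORECASE)

class Firmware(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int  # build date as a YYYYMMDD integer

def parse_firmware(text: str) -> Optional[Firmware]:
    """Return the parsed version, or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return Firmware(*map(int, m.groups())) if m else None

def classify(model: str, version: str) -> str:
    """Classify one device against the fixed release."""
    if model.strip().upper() != "N300RT":
        return "not-applicable"
    fw = parse_firmware(version)
    if fw is None:
        return "unknown"  # unparseable string: needs manual review
    # Tuple comparison: version numbers first, build date as tie-breaker
    # (assumed ordering; the advisory only says "prior to").
    return "vulnerable" if fw < parse_firmware(FIXED) else "fixed"

# Constructed inventory (hostnames, versions and the second model are made up).
INVENTORY = [
    ("gw-01", "N300RT", "V3.4.0-B20250430"),
    ("gw-02", "N300RT", "V3.4.0-B20240101"),
    ("gw-03", "N300RT", "V2.1.8-B20251201"),  # older version, newer build date
    ("gw-04", "N300RT", "3.4.0"),             # truncated string from a scanner
    ("gw-05", "EXAMPLE-AP", "V3.4.0-B20240101"),
]

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" should be checked by hand rather than assumed patched.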

Added: Dec 3, 2025, 5:20 PM
Updated: Dec 3, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 10.0
exploitability: 7.8
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.