RCE in Totolink N300rt

CVE-2025-34319

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.019 (83.6th percentile) — read the EPSS interpretation.

Affected products

Totolink N300rt — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html (patch)
totolink.tw/support_view/N300RT (product)
www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce (third-party-advisory)