What is CVE-2025-7154?

CVE-2025-7154 is a medium-severity vulnerability in Totolink N200re, classified under Command Injection. CVSS score: 6.3/10. Published 2025-07-08.

How severe is CVE-2025-7154?

Medium severity. CVSS v3 base score is 6.3 out of 10.

RCE in Totolink N200re

CVE-2025-7154

A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.057 (90.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Totolink N200re — versions 9.3.5u.6095_B20200916, 9.3.5u.6139_B20201216
Totolink N200re_firmware — versions 9.3.5u.6095_b20200916, 9.3.5u.6139_b20201216

Weakness classification (CWE)

References

VDB-315092 | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-315092 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #606230 | TOTOLINK N200RE V5_V9.3.5u.5812_B20200414 OS Command Injection (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (Exploit, Third Party Advisory, exploit)
cna@vuldb.com (Product, product)

Frequently asked questions

What is CVE-2025-7154?: CVE-2025-7154 is a medium-severity vulnerability in Totolink N200re, classified under Command Injection. CVSS score: 6.3/10. Published 2025-07-08.
How severe is CVE-2025-7154?: Medium severity. CVSS v3 base score is 6.3 out of 10.