CVE-2025-34319

EUVD-2025-201000
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Common Weakness Enumeration
References
https://totolink.tw/support_view/N300RT
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html
https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce