CVE-2025-34319

Vulnerability Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Related Weaknesses (CWE)

CWE-78

References

https://totolink.tw/support_view/N300RT
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.ht
https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce

FAQ

What is CVE-2025-34319?

CVE-2025-34319 is a documented vulnerability. TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionalit...

How severe is CVE-2025-34319?

CVSS scoring is not yet available for CVE-2025-34319. Check NVD for updates.

Is there a patch for CVE-2025-34319?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.