Lucene search
K

TOTOLINK N300RB 8.54 - Command Execution

🗓️ 16 Jul 2025 00:00:00Reported by Skander BELABED - Magellan SécuritéType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 265 Views

TOTOLINK N300RB 8.54 allows remote command execution for authenticated attackers.

Related
Code
# Title: TOTOLINK N300RB 8.54 - Command Execution
# Author: Skander BELABED - Magellan Sécurité
# Date: 07/11/2025
# Vendor: TOTOLINK
# Product: N300RB
# Firmware version: 8.54
# CVE: CVE-2025-52089

## Description:
A hidden remote support feature protected by a static secret in TOTOLINK
N300RB firmware version 8.54 allows an authenticated attacker to execute
arbitrary OS commands with root privileges.

# Reproduce:
[href](
https://0x09.dev/posts/toto_decouvre_une_interface_de_debug/)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jul 2025 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.18.8
EPSS0.07063
SSVC
265