CVE-2025-34319

UNKNOWN 0.0

TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

CWE	CWE-78
Vendor	totolink
Product	n300rt
Published	Dec 3, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for totolink n300rt

Be the first to know when new unknown vulnerabilities affecting totolink n300rt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TOTOLINK / N300RT

0 < V3.4.0-B20250430

References

NVD ↗ CVE.org ↗ EPSS Data ↗

totolink.net: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.html totolink.tw: https://totolink.tw/support_view/N300RT vulncheck.com: https://www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rce

Credits

YuChieh Kuo ShiYi Xie Zhen-Gao Liu