CRITICALšŸ‡µšŸ‡± Wersja polska

CVE-2025-51390

CVSS 9.8v3.1pub. 2025-08-04upd. 2026-07-05

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

šŸ¤– AI Analysis
How it works

The vulnerability results from insufficient validation of input data of the 'pin' parameter passed to the setWiFiWpsConfig function in the router's firmware. An attacker can provide a crafted parameter value containing malicious system commands, which will be executed directly by the device's command interpreter. The attack does not require authentication or user interaction, and can be performed remotely over the network.

Impact

An attacker gains the ability to execute arbitrary commands with the router's operating system privileges, which may result in complete device takeover, disclosure of confidential data, modification of network configuration, or use of the router as an entry point for further attacks on the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to references. In case of missing updates, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable WPS functionality if not required.

Who is affected

TOTOLINK N600R in firmware version V4.3.0cu.7647_B20210106

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Totolink N600r

    HW
    Totolink
    wszystkie wersje
  • Totolink N600r Firmware

    OS
    Totolink
    4.3.0cu.7647_b20210106
šŸ”µ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2025-46060CRITICAL9.8PL āœ“ten sam produkt

Buffer Overflow w TOTOLINK N600R umożliwiający zdalne wykonanie kodu

CVE-2025-22900CRITICAL9.8PL āœ“ten sam produkt

Stack overflow w Totolink N600R — podatność w funkcji setWanConfig

CVE-2023-43141CRITICAL9.8ten sam produkt

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

CVE-2022-28907CRITICAL9.8ten sam produkt

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hostti...

CVE-2022-28906CRITICAL9.8ten sam produkt

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langty...

CVE-2025-51390 — Totolink — N600R — CRITICAL — CVSS 9.8 | CVEbaza.pl