CVE-2025-34319: Critical Command Injection Vulnerability Exposes TOTOLINK N300RT Routers

Overview

CVE-2025-34319 describes a critical OS command injection vulnerability in TOTOLINK N300RT wireless routers. It allows an unauthenticated attacker to execute arbitrary commands on the router's operating system. The issue was identified in firmware V2.1.8-B20201030.1539; firmware versions prior to V3.4.0-B20250430 are reported as affected.

Technical Details

The vulnerability resides in the Boa web server's handling of the formWsc functionality. Specifically, the targetAPSsid request parameter is susceptible to command injection: its value reaches a shell command line without sanitization. An attacker can craft an HTTP request to formWsc whose targetAPSsid value contains shell metacharacters (for example ; | & backticks or $( )). When the vulnerable firmware processes the request, the shell interprets those characters as command separators, and the attacker-supplied text runs as OS commands with the privileges of the web server process. On embedded routers of this class that process commonly runs as root, so the practical outcome is full device compromise. Because the request requires no authentication, anyone who can reach the web interface can exploit it: any host on the LAN or Wi-Fi, and any remote attacker if management is exposed on the WAN side.
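To make the failure mode concrete, the following C program is an added illustration, not the N300RT firmware's actual code (which this page does not reproduce). It contrasts the vulnerable pattern the description implies, a request parameter formatted into a command string and run through the shell, with a hardened handler that allow-lists the SSID and executes the helper without a shell. The helper /bin/echo stands in for whatever wireless configuration tool the real firmware invokes, the argument name target_ssid mirrors the targetAPSsid parameter, and the payload "HomeWiFi; echo INJECTED" is constructed for the demonstration; all of these are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the tool the firmware runs to apply an SSID.
 * /bin/echo is used so the example is harmless and runs anywhere. */
#define SSID_TOOL "/bin/echo"

/* --- Vulnerable pattern (constructed; not the real firmware code) --------
 * The request parameter is formatted into a command line and handed to a
 * shell via popen(). The shell parses ';', '|', '`', '$(...)' and friends,
 * so "HomeWiFi; echo INJECTED" becomes two commands. Returns the number of
 * output lines (1 normally, more when extra commands ran), or -1 on error. */
int run_vulnerable(const char *target_ssid)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, SSID_TOOL " ssid=%s", target_ssid);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;

    FILE *p = popen(cmd, "r");          /* popen() runs /bin/sh -c cmd */
    if (p == NULL)
        return -1;

    char line[256];
    int lines = 0;
    while (fgets(line, sizeof line, p) != NULL)
        lines++;
    pclose(p);
    return lines;
}

/* --- Hardened pattern ----------------------------------------------------
 * Layer 1: allow-list the value. An 802.11 SSID is 1..32 bytes; this handler
 * additionally restricts it to printable ASCII without shell metacharacters,
 * which is an application policy choice rather than an 802.11 rule. */
int ssid_is_safe(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 32)
        return 0;
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isprint(c))
            return 0;
        if (strchr(";|&`$<>(){}[]\\\"'*?~!#\n\r", c) != NULL)
            return 0;
    }
    return 1;
}

/* Layer 2: never hand the value to a shell. fork()/execv() with an argv
 * array passes the SSID as one argument, so even a value that slipped past
 * validation is data to the tool, not syntax for /bin/sh. Returns the tool's
 * exit status, or -1 if the value was rejected or the tool could not run. */
int set_ssid_hardened(const char *target_ssid)
{
    if (!ssid_is_safe(target_ssid))
        return -1;

    char arg[64];
    snprintf(arg, sizeof arg, "ssid=%s", target_ssid);
    char *const argv[] = { SSID_TOOL, arg, NULL };

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                     /* only reached if execv() fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *benign  = "HomeWiFi";
    const char *hostile = "HomeWiFi; echo INJECTED";   /* constructed payload */

    printf("vulnerable, benign : %d line(s)\n", run_vulnerable(benign));
    printf("vulnerable, hostile: %d line(s)\n", run_vulnerable(hostile));
    printf("hardened, benign   : rc=%d\n", set_ssid_hardened(benign));
    printf("hardened, hostile  : rc=%d\n", set_ssid_hardened(hostile));
    return 0;
}
```

Running it shows the injected "echo INJECTED" executing through the vulnerable path (two output lines instead of one), while the hardened handler rejects the same value before anything runs. The two layers are deliberately independent: the allow-list is the first line of defence, but dropping the shell entirely is what makes the handler safe even if the allow-list is later loosened to admit characters such as spaces or quotes.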

CVSS Analysis

A CVSS score has not yet been assigned to CVE-2025-34319. Given unauthenticated command execution on the device, it is likely to be rated High or Critical once assessed. Under CVSS v3.1 the attack vector would be Adjacent (AV:A) where only the LAN-side interface is reachable and Network (AV:N) where the web interface is exposed on the WAN, with high impact on confidentiality, integrity and availability in either case. The practical impact is complete system compromise.

Possible Impact

Successful exploitation of this vulnerability can have severe consequences:

  • Complete Router Compromise: Attackers can gain full control of the router.
  • Data Theft: Sensitive information such as Wi-Fi passwords and network configurations can be stolen.
  • Malware Infection: The router can be infected with malware, turning it into a botnet node.
  • Network Pivoting: The compromised router can be used as a pivot point to attack other devices on the network.
  • Denial of Service (DoS): Attackers can disable the router, causing network outages.

Mitigation and Patch Steps

The primary mitigation is to update the router's firmware to version V3.4.0-B20250430 or later, which TOTOLINK has released to address this vulnerability. Follow these steps to update your router:

  1. Visit the TOTOLINK N300RT support page on the TOTOLINK website.
  2. Download the latest firmware for the N300RT, confirming that it matches the hardware revision printed on your device's label.
  3. Log in to your router's web interface from a wired LAN connection (usually at 192.168.0.1 or 192.168.1.1); do not flash firmware over Wi-Fi.
  4. Navigate to the firmware upgrade section.
  5. Upload the downloaded firmware file and follow the on-screen instructions, leaving the router powered on until the upgrade completes.
  6. After the update, let the router reboot and confirm on its status page that the new firmware version is running.

If updating the firmware is not immediately possible, the following temporary measures reduce exposure but do not remove the flaw:

  • Disable remote (WAN-side) management so the web interface is reachable only from the LAN.
  • Use a strong, unique Wi-Fi password (WPA2 or WPA3) so that untrusted devices cannot join the network and reach the LAN-side interface, and place guest devices on a separate network if the router supports one.
  • Until the firmware is updated, treat the router as exploitable by any device already on the local network.

About the Author

Cybersecurity specialist and founder of Gowri Shankar Infosec, a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.