CVE Catalog

CVE-2025-51390

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
1.80%

76th percentile - higher than 76% of all known CVEs

Summary

A command injection vulnerability was discovered in the TOTOLINK N600R router running firmware version V4.3.0cu.7647_B20210106. The issue resides in the setWiFiWpsConfig function via the pin parameter.

Risk Assessment

An attacker can remotely execute arbitrary system commands on the device, leading to full compromise of the router and potential network takeover.

Recommendation

Immediately update the TOTOLINK N600R firmware to the latest available version. If no update is available, restrict administrative access to trusted networks only.

Original NVD description (English source)

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS