Critical severityNVD Advisory· Published Dec 3, 2025· Updated Apr 15, 2026

CVE-2025-34319

Description

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

totolink.tw/support_view/N300RTnvd
www.totolink.net/home/menu/detail/menu_listtpl/download/id/154/ids/36.htmlnvd
www.vulncheck.com/advisories/totolink-n300rt-boa-formwsc-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000