A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
                
References

| Link | Resource |
|---|---|
| https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/m2.md | Broken Link | 
| https://vuldb.com/?ctiid.309321 | Permissions Required VDB Entry | 
| https://vuldb.com/?id.309321 | Third Party Advisory VDB Entry | 
| https://vuldb.com/?submit.575073 | Third Party Advisory VDB Entry | 
| https://www.totolink.net/ | Product | 
History
24 May 2025, 00:57

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-05-18 03:15
Updated : 2025-05-24 00:57
NVD link : CVE-2025-4850
Mitre link : CVE-2025-4850
CVE.ORG link : CVE-2025-4850
Products Affected
totolink
- n300rh_firmware
- n300rh
