CVE-2025-7154

Published: Jul 8, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected (2)

Products: Totolink: N200re Firmware

1 product

N200re Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Version 9.3.5u.6095_b20200916

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Version 9.3.5u.6139_b20201216

Running on/with	Platform Versions
Totolink N200re	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://github.com/FLY200503/IoT-vul/blob/master/Totolink/N200RE/README.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.315092

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.315092

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.606230

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.totolink.net/

Source: cna@vuldb.com

Product

https://github.com/FLY200503/IoT-vul/blob/master/Totolink/N200RE/README.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.