Cyber Resilience

CVE-2025-45800

CriticalPublic PoCRCE

Published: 02 May 2025

Published
02 May 2025
Modified
04 June 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0104 77.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-45800 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink A950Rg Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

TOTOLINK A950RG firmware version V4.1.2cu.5204_B20210112 contains a command injection vulnerability (CWE-77) in the setDeviceName interface within the /lib/cste_modules/global.so library. The flaw arises during processing of the deviceMac parameter and carries a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction.

An unauthenticated attacker with network reachability can supply a crafted deviceMac value to the affected interface and achieve arbitrary command execution on the device. Successful exploitation grants full control over confidentiality, integrity, and availability of the router.

The single public reference is a technical write-up and proof-of-concept hosted on GitHub that demonstrates the injection. No vendor advisory or patch information is included in the available references. The associated EPSS score remains low, with only a modest increase from its initial value to a peak of 0.0147.

EU & UK References

Vulnerability details

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote command execution through the web interface's setDeviceName endpoint via the deviceMac parameter, facilitating exploitation of a public-facing application on a network device such as a router.

Affected Assets

totolink
a950rg firmware
4.1.2cu.5204_b20210112

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References